- First seen: July 2021
- Aliases:
- Samples:
- 884e96a75dc568075e845ccac2d4b4ccec68017e6ef258c7c03da8c88a597534 | windows | ransom | js
- 9bff421325bed6f1989d048edb4c9b1450f71d4cb519afc5c2c90af8517f56f3 | | | bin
- 1df11bc19aa52b623bdf15380e3fded56d8eb6fb7b53a2240779864b1a6474ad | windows | ransom | pe
- ffc4d94a26ea7bcf48baffd96d33d3c3d53df1bb2c59567f6d04e02e7e2e5aaa | windows | ransom | pe
| Property | Value |
|---|---|
| Size | 637055 bytes |
| CRC32 | 0x4123e400 |
| MD5 | eef977108c7a7aef512532cc6e2f49cc |
| SHA1 | 7273bf0db30a12428f7046ef99ebe3e7472cdfbe |
| SHA256 | 884e96a75dc568075e845ccac2d4b4ccec68017e6ef258c7c03da8c88a597534 |
| SHA512 | f8a138c003e0ed56396539b7775063527cddc45b92c44a8d1f24041210fcec39b37917095453a4922bef5b4b08c4d4893b30e6d0d5b442deadbf5bb4ecebce31 |
| Ssdeep | 6144:9ifWwIb7L3vMTk69b9wwU5oyISUiuH4CgzO/NAgpD8TAVL3QGGv14nzUmviNu:cWwIb7ATki9wwyoVSUQCgwNdwML3K2 |
| Magic | ASCII text, with very long lines, with no line terminators |
| Packer | Text: format: plain text |
| TrID | Warning: file seems to be plain text/ASCII TrID is best suited to analyze binary files! Unknown! |
+ Avast: clean
- Avira: JS/BlkByte.G
+ Bitdefender: clean
- Clamav: Win.Ransomware.BlackByte-9915811-0
- Comodo: Malware
- Drweb: Trojan.Siggen14.62190
- Eset: JS/TrojanDropper.Agent.OHL
+ Fsecure: clean
+ Kaspersky: clean
- Mcafee: VBS/Agent.hr
- Sophos: JS/Drop-CSQ
- Symantec: Trojan Horse
+ Trendmicro: clean
- Windefender: Trojan:VBS/Obfuse!MSR| Property | Value |
|---|---|
| Size | 1096 bytes |
| CRC32 | 0xea611f6 |
| MD5 | cc9bd09676ffb36ab4b947bcf5068bc1 |
| SHA1 | 81c8246e27d6f8f050db543451085108cb708a49 |
| SHA256 | 9bff421325bed6f1989d048edb4c9b1450f71d4cb519afc5c2c90af8517f56f3 |
| SHA512 | 9001fe5a705fb677e21b20862669471af390141e47dad1434401de57240ca3f2e569b6bd8d664e7f9008b9b1dcac776b810f31c306080e8f1a21d3476bd02ee8 |
| Ssdeep | |
| Magic | data |
| Packer | Binary: Nothing found |
| TrID | Unknown! |
+ Avast: clean
+ Avira: clean
+ Bitdefender: clean
+ Clamav: clean
+ Comodo: clean
+ Drweb: clean
+ Eset: clean
+ Fsecure: clean
+ Kaspersky: clean
+ Mcafee: clean
+ Sophos: clean
+ Symantec: clean
+ Trendmicro: clean
+ Windefender: clean| Property | Value |
|---|---|
| Size | 1358336 bytes |
| CRC32 | 0xf5d1c49c |
| MD5 | 9344afc63753cd5e2ee0ff9aed43dc56 |
| SHA1 | ee1fa399ace734c33b77c62b6fb010219580448f |
| SHA256 | 1df11bc19aa52b623bdf15380e3fded56d8eb6fb7b53a2240779864b1a6474ad |
| SHA512 | 6434c212a85180c1af00f5c5fa081a6a6ab66f5633edb74e130a7b9d754a6a65dc973f5e820f6f57a43956c276dbf3721021d1e9bb53fa79ac51ed8cb23f4090 |
| Ssdeep | 24576:/U1v3pE+zO9mBt2bdm3EHVXkNA80Jl5IzCxWWDrSBkian7X5:/Qv74bdm3EHEA8UIzm8aj5 |
| Magic | PE32+ executable (console) x86-64 (stripped to external PDB), for MS Windows |
| Packer | PE+(64): packer: UPX(3.96)[NRV,brute] PE+(64): compiler: MinGW(-)[-] PE+(64): linker: GNU linker ld (GNU Binutils)(2.30)[EXE64,console] |
| TrID | 64.7% (.EXE) UPX compressed Win64 Executable (70117/5/12) 25.0% (.EXE) UPX compressed Win32 Executable (27066/9/6) 4.6% (.EXE) Win16 NE executable (generic) (5038/12/1) 1.8% (.EXE) OS/2 Executable (generic) (2029/13) 1.8% (.EXE) Generic Win/DOS Executable (2002/3) |
- Avast: Win64:Trojan-gen
- Avira: TR/Redcap.hsxjf
- Bitdefender: Trojan.Generic.30516393
+ Clamav: clean
- Comodo: Malware
- Drweb: Trojan.Ransom.813
- Eset: WinGo/Agent.CH
- Fsecure: Trojan.TR/Redcap.hsxjf
- Kaspersky: Trojan-Ransom.Win64.Blackbyte.i
- Mcafee: Ransom-blackbyte.a
- Sophos: Troj/Ransom-GLW
- Symantec: Ransom.Blackbyte
- Trendmicro: Ransom.Win64.BLACKBYTE.YACAF
- Windefender: Ransom:Win64/BlackByte!MSR| Property | Value |
|---|---|
| Size | 1351352 bytes |
| CRC32 | 0x6229b8a9 |
| MD5 | 03011da0f7f2e04ddfc9b8d2356dc4cb |
| SHA1 | 0f7e3c94b2d3df1722950ff472a06b3f96f65399 |
| SHA256 | ffc4d94a26ea7bcf48baffd96d33d3c3d53df1bb2c59567f6d04e02e7e2e5aaa |
| SHA512 | 76b29c0de2545efef69647d323ed0f0daa725fd13e6d5b0a955d5dd3f20b51d17039cdf93bbd3d305c5fa125603648d25ea7a27298fb8a724c78e795fcc1b60d |
| Ssdeep | 24576:bBQXSGlbPt3H1+OwQBiv5hLRF4w0FuHJNKlg1Nk/9z1p/Ew:VQXSYbPt3gOwbhIFkuJ/sw |
| Magic | PE32+ executable (console) x86-64 (stripped to external PDB), for MS Windows |
| Packer | PE+(64): packer: UPX(3.96)[NRV,brute] PE+(64): compiler: MinGW(-)[-] PE+(64): linker: GNU linker ld (GNU Binutils)(2.30)[EXE64,console,signed] |
| TrID | 64.7% (.EXE) UPX compressed Win64 Executable (70117/5/12) 25.0% (.EXE) UPX compressed Win32 Executable (27066/9/6) 4.6% (.EXE) Win16 NE executable (generic) (5038/12/1) 1.8% (.EXE) OS/2 Executable (generic) (2029/13) 1.8% (.EXE) Generic Win/DOS Executable (2002/3) |
- Avast: Win64:Trojan-gen
- Avira: TR/Redcap.rdtnx
- Bitdefender: Trojan.GenericKD.48066447
+ Clamav: clean
+ Comodo: clean
+ Drweb: clean
- Eset: WinGo/Packed.Obfuscated.A suspicious application
- Fsecure: Trojan.TR/Redcap.rdtnx
- Kaspersky: Trojan-Ransom.Win64.Blackbyte.k
+ Mcafee: clean
+ Sophos: clean
- Symantec: Trojan.Gen.MBT
+ Trendmicro: clean
+ Windefender: clean- https://news.sophos.com/en-us/2022/10/04/blackbyte-ransomware-returns/
- https://www.trendmicro.com/vinfo/us/security/news/ransomware-spotlight/ransomware-spotlight-blackbyte
- https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/blackbyte-ransomware-pt-1-in-depth-analysis/
- https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/blackbyte-ransomware-pt-2-code-obfuscation-analysis/
- https://unit42.paloaltonetworks.com/blackbyte-ransomware/
- https://www.zscaler.com/blogs/security-research/analysis-blackbyte-ransomwares-go-based-variants
- https://redcanary.com/blog/blackbyte-ransomware/
- /~https://github.com/SpiderLabs/BlackByteDecryptor