BlackCat Ransomware Attackers Spotted Fine-Tuning Their Malware Arsenal



BlackCat ransomware attackers are fine-tuning their malware arsenal in a bid to stay under the radar and expand their reach.

According to Symantec, “Among some of the more notable developments has been the use of a new version of the Exmatter data exfiltration tool, and the use of Eamfo, information-stealing malware that is designed to steal credentials stored by Veeam backup software.” 

BlackCat

BlackCat, also known as ALPHV and Noberus, is attributed to an adversary tracked as Coreid (aka FIN7, Carbanak, or Carbon Spider) and is said to be a rebranded successor of DarkSide and BlackMatter, both of which shut up shop last year following a string of high-profile attacks, including the one on Colonial Pipeline.

ALPHV is also one of the first ransomware strains to be written in Rust, a trend that has since been adopted by other families such as Hive and Luna.

The research team discovered that BlackCat Ransomware attackers are capable of indexing leaked data and making it searchable.

BlackCat ransomware attackers are also using Exmatter as a data exfiltration tool. It generates a report of all processed files and, in its latest revision, can even corrupt them.

Eamfo, malware designed to steal credentials stored by Veeam backup software, is used when attacking a server. The stolen credentials let the attackers gain additional access and move in and out of an organization’s systems.

Ransomware groups are continually adapting and refining their operations to stay effective for as long as possible. Group 88 is focusing more on data theft than on ransomware and cryptocurrency.

IoCs (SHA-256)

ad5002c8a4621efbd354d58a71427c157e4b2805cb86f434d724fc77068f1c40 – Trojan.Exmatter

8c5b108eab6a397bed4c099f13eed52aeeec37cc214423bde07544b44a62e74a – Ransom.Noberus

78517fb07ee5292da627c234b26b555413a459f8d7a9641e4a9fcc1099f06a3d – Infostealer.Eamfo

9aa1f37517458d635eae4f9b43cb4770880ea0ee171e7e4ad155bbdee0cbe732 – Infostealer.Eamfo

df492b4cc7f644ad3e795155926d1fc8ece7327c0c5c8ea45561f24f5110ce54 – Infostealer.Eamfo

029dde7c2ec880fb3d3e95e6a8376739b4bc46a0ce24012e064b904e6ecb672c – Ransom.Noberus

72f0981f18b969db2781e874d249d8003c07f99786e217f84cf54a148de259cc – Ransom.Noberus

18c909a2b8c5e16821d6ef908f56881aa0ecceeaccb5fa1e54995935fcfd12f7 – GMER Driver

e8a3e804a96c716a3e9b69195db6ffb0d33e2433af871e4d4e1eab3097237173 – GMER

ed6275195cf9fd758fb7f8bce868c14dc9e9d6b7aa6f472f714bce5ed7fabf7f – Masqueraded PAExec

5799d554307906e92749a0c45f21baff28d83b1cedccbf7cb6f2b98ac1b00930 – Masqueraded PAExec

File Names

sync_enc.exe

without_cert.exe

vup.exe

morph.exe

locker.exe

isgmer.exe

kgeyauow.sys
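The indicators above are only useful if something actually checks for them. The following is an added example, not code from the original post or from Symantec: a small Python scanner that walks a directory tree, computes the SHA-256 of every file and flags any file whose hash or file name matches the lists published above. The hash and file-name tables are copied verbatim from the advisory; the sample directory built by build_demo_dir() contains constructed benign files with the listed names, so it exercises only the file-name path (no real sample is reproduced here). The scan function accepts the indicator sets as parameters so a team can merge in its own.

```python
"""Match files on disk against the SHA-256 and file-name IoCs from the advisory."""
import hashlib
import tempfile
from pathlib import Path

# SHA-256 indicators as published in the advisory above (label = detection name).
IOC_HASHES = {
    "ad5002c8a4621efbd354d58a71427c157e4b2805cb86f434d724fc77068f1c40": "Trojan.Exmatter",
    "8c5b108eab6a397bed4c099f13eed52aeeec37cc214423bde07544b44a62e74a": "Ransom.Noberus",
    "78517fb07ee5292da627c234b26b555413a459f8d7a9641e4a9fcc1099f06a3d": "Infostealer.Eamfo",
    "9aa1f37517458d635eae4f9b43cb4770880ea0ee171e7e4ad155bbdee0cbe732": "Infostealer.Eamfo",
    "df492b4cc7f644ad3e795155926d1fc8ece7327c0c5c8ea45561f24f5110ce54": "Infostealer.Eamfo",
    "029dde7c2ec880fb3d3e95e6a8376739b4bc46a0ce24012e064b904e6ecb672c": "Ransom.Noberus",
    "72f0981f18b969db2781e874d249d8003c07f99786e217f84cf54a148de259cc": "Ransom.Noberus",
    "18c909a2b8c5e16821d6ef908f56881aa0ecceeaccb5fa1e54995935fcfd12f7": "GMER Driver",
    "e8a3e804a96c716a3e9b69195db6ffb0d33e2433af871e4d4e1eab3097237173": "GMER",
    "ed6275195cf9fd758fb7f8bce868c14dc9e9d6b7aa6f472f714bce5ed7fabf7f": "Masqueraded PAExec",
    "5799d554307906e92749a0c45f21baff28d83b1cedccbf7cb6f2b98ac1b00930": "Masqueraded PAExec",
}

# File names as published in the advisory above (compared case-insensitively).
IOC_FILENAMES = {
    "sync_enc.exe", "without_cert.exe", "vup.exe", "morph.exe",
    "locker.exe", "isgmer.exe", "kgeyauow.sys",
}


def sha256_bytes(data: bytes) -> str:
    """SHA-256 hex digest of an in-memory byte string (used to build test entries)."""
    return hashlib.sha256(data).hexdigest()


def sha256_of_file(path: Path) -> str:
    """Stream a file through SHA-256 in 1 MiB chunks so large files do not load into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def scan_path(root, hashes=IOC_HASHES, names=IOC_FILENAMES):
    """Walk `root` and return one hit record per file that matches a hash or a file name.

    A file name match alone is weak evidence (names are trivially changed), so each hit
    carries the list of reasons; analysts can weight a hash match higher than a name match.
    """
    hits = []
    for p in sorted(Path(root).rglob("*")):
        if not p.is_file():
            continue
        digest = sha256_of_file(p)
        reasons = []
        if p.name.lower() in names:
            reasons.append("file name matches advisory list")
        if digest in hashes:
            reasons.append(f"SHA-256 matches {hashes[digest]}")
        if reasons:
            hits.append({"path": str(p), "name": p.name, "sha256": digest, "reasons": reasons})
    return hits


def build_demo_dir() -> Path:
    """Create a temp directory of constructed, harmless files for demonstration.

    Two files reuse names from the advisory; none of the contents is real malware, so
    only the file-name rule fires on them.
    """
    root = Path(tempfile.mkdtemp(prefix="ioc_demo_"))
    (root / "locker.exe").write_bytes(b"constructed sample, not malware")
    (root / "notes.txt").write_bytes(b"constructed benign file")
    drivers = root / "drivers"
    drivers.mkdir()
    (drivers / "kgeyauow.sys").write_bytes(b"constructed sample driver")
    return root


if __name__ == "__main__":
    demo_root = build_demo_dir()
    for hit in scan_path(demo_root):
        print(hit["path"], hit["sha256"][:16], "->", "; ".join(hit["reasons"]))
```

To run this against a real host, call scan_path() with the directories of interest (a hash-only match on a renamed binary is the case worth paying attention to, since the file-name rule is easily defeated by the attacker simply renaming the tool).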

Published September 27th, 2022 (2022-09-27T14:29:25+05:30) | Categories: malicious cyber actors, Malicious extension, Malware, Ransomware, Security Advisory, Security Update

About the Author:

FirstHackersNews- Identifies Security
