Ransom.BlackCat (file analysis)

Ransom.BlackCat is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to complete a scan and cure your PC during the trial period.
6-day free trial available.

What can the Ransom.BlackCat virus do?

  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • CAPE detected the BlackCat malware family
  • Anomalous binary characteristics

How to identify Ransom.BlackCat?

File Info:

name: 8BF2F18A0C8167724CD2.mlw
path: /opt/CAPEv2/storage/binaries/e55cc3426298f9f848849304d10b9222925eb19caebaebaa44dfb85ad2346062
crc32: C517CCB1
md5: 8bf2f18a0c8167724cd22bd5afe9d4f5
sha1: dae8d9ca517d169a0290047b56e76fa2fdf3ceb2
sha256: e55cc3426298f9f848849304d10b9222925eb19caebaebaa44dfb85ad2346062
sha512: 78132c1bf57e8b002e62912e81567d7dc814bec96888b0768f9ef97be456821956a558b8a515e94fe51d3b4c0c48cb2cd74f1303d787ebeb49e2a06206555e94
ssdeep: 49152:fQMejJ/oFaOKIV+Wv40nM338KVKKPgTxDeL+k2GNjqPwnyeuJ0+ckk+S7:Al/VOKIVvLM33tQKPgw9jqYnyec0+c
type: PE32 executable (console) Intel 80386, for MS Windows
tlsh: T1D4E5AF95FB83E2ADEDAB1470305EB33ADE344C1801199FA3DBE45D71B92EB111E4861E
sha3_384: e1097d694556a6eb7bd937efe83edfce90bb893d87d1a262fb255afc5eca1fda352831cecfdf5b7a678bcf3619e2f919
ep_bytes: c70508e26d0000000000e9a1fcffff90
timestamp: 2022-05-17 18:30:07

Version Info:

0: [No Data]

Ransom.BlackCat is also known as (vendor: detection name):

Lionic: Trojan.Win32.Generic.j!c
MicroWorld-eScan: Gen:Variant.Fragtor.80966
ClamAV: Win.Ransomware.BlackCat-9974801-0
CAT-QuickHeal: Ransom.Blackcat.S27868966
Malwarebytes: Ransom.BlackCat
VIPRE: Gen:Variant.Fragtor.80966
Sangfor: Trojan.Win32.Save.a
K7AntiVirus: Trojan ( 0058e0151 )
Alibaba: Ransom:Win32/BlackCat.cdfd4da6
K7GW: Trojan ( 0058e0151 )
Cyren: W32/BlackCat.B.gen!Eldorado
Symantec: Trojan Horse
Elastic: Multi.Ransomware.BlackCat
ESET-NOD32: a variant of Win32/Filecoder.BlackCat.A
Cynet: Malicious (score: 99)
Kaspersky: HEUR:Trojan-Ransom.Win32.Generic
BitDefender: Gen:Variant.Fragtor.80966
NANO-Antivirus: Trojan.Win32.Encoder.jpclgv
Avast: Win32:RansomX-gen [Ransom]
Tencent: Win32.Trojan.Filecoder.Rsmw
Ad-Aware: Gen:Variant.Fragtor.80966
TACHYON: Ransom/W32.Agent.3077120
Emsisoft: Gen:Variant.Fragtor.80966 (B)
Comodo: Malware@#14s6hiitbwz98
DrWeb: Trojan.Encoder.35107
Zillya: Trojan.Filecoder.Win32.24391
TrendMicro: Ransom.Win32.BLACKCAT.SMYPCC5
McAfee-GW-Edition: GenericRXTJ-KR!8BF2F18A0C81
FireEye: Gen:Variant.Fragtor.80966
Sophos: Troj/Ransom-GSD
Jiangmin: Trojan.Generic.hiinn
Webroot: W32.Trojan.Gen
Avira: HEUR/AGEN.1250038
Antiy-AVL: Trojan[Ransom]/Win32.BlackCat
Kingsoft: Win32.Troj.Generic.jm.(kcloud)
Microsoft: Ransom:Win32/BlackCat.A
Arcabit: Trojan.Fragtor.D13C46
GData: Gen:Variant.Fragtor.80966
Google: Detected
AhnLab-V3: Ransomware/Win.BlackCat.C5176777
Acronis: suspicious
McAfee: GenericRXTJ-KR!8BF2F18A0C81
MAX: malware (ai score=100)
Cylance: Unsafe
Rising: Ransom.BlackCat!1.DB0B (CLASSIC)
Ikarus: Trojan-Ransom.BlackCat
MaxSecure: Trojan.Malware.10307848.susgen
Fortinet: W32/Filecoder_BlackCat.A!tr.ransom
BitDefenderTheta: Gen:NN.ZexaCO.34796.7MW@aSPrxHb
AVG: Win32:RansomX-gen [Ransom]
Panda: Trj/GdSda.A
CrowdStrike: win/malicious_confidence_100% (W)

How to remove Ransom.BlackCat?

Ransom.BlackCat removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
