Kaspersky Threats — Trojan-Ransom.Win32.BlackMatter.a

Class: Trojan-Ransom

This type of Trojan modifies data on the victim computer so that the victim can no longer use the data, or it prevents the computer from running correctly. Once the data has been “taken hostage” (blocked or encrypted), the user will receive a ransom demand. The ransom demand tells the victim to send the malicious user money; on receipt of this, the cyber criminal will send a program to the victim to restore the data or restore the computer’s performance.

Read more

Platform: Win32

Win32 is an API on Windows NT-based operating systems (Windows XP, Windows 7, etc.) that supports execution of 32-bit applications. One of the most widespread programming platforms in the world.

Family: BlackMatter

No family description

Examples

A668E917DB5EF1C718DE30A95E63A417
10894B312A3C0B4ECE083443055F5059
36F5CB8CC0629F24F1D97F67E8F8EC7F
4FC57F335CB6DC11EE37EFEFF2B716BA
334C0EFD4B21C5174D9BF176A7094610

Tactics and Techniques: Mitre*

TA0007

Discovery

An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.

T1082

System Information Discovery

TA0009

Collection

Adversaries may search local system sources, such as file systems and configuration files or local databases, to find files of interest and sensitive data prior to Exfiltration.

T1005

Data from Local System

Adversaries may search local system sources, such as file systems and configuration files or local databases, to find files of interest and sensitive data prior to Exfiltration.