███████╗██╗ ██╗██╗██╗ ███╗ ███╗██╗ ██╗████████╗███████╗██╗ ██╗ ██╔════╝██║ ██║██║██║ ████╗ ████║██║ ██║╚══██╔══╝██╔════╝╚██╗██╔╝ █████╗ ██║ ██║██║██║ ██╔████╔██║██║ ██║ ██║ █████╗ ╚███╔╝ ██╔══╝ ╚██╗ ██╔╝██║██║ ██║╚██╔╝██║██║ ██║ ██║ ██╔══╝ ██╔██╗ ███████╗ ╚████╔╝ ██║███████╗ ██║ ╚═╝ ██║╚██████╔╝ ██║ ███████╗██╔╝ ██╗ ╚══════╝ ╚═══╝ ╚═╝╚══════╝ ╚═╝ ╚═╝ ╚═════╝ ╚═╝ ╚══════╝╚═╝ ╚═╝

⚠

BlackHunt

ransomware2 mutex signatures

[BASIC_INFORMATION]

FAMILY_NAME:

BlackHunt

CATEGORY:

RANSOMWARE

DESCRIPTION:

BlackHunt is a ransomware written in Go, first observed in early 2024. It is often deployed by threat actors after exploiting vulnerable remote access services.

ALIASES:

BlackHunt Ransomware

TAGS:

file_encryptionGoremote_access_exploitation

[MUTEX_SIGNATURES](2)

[MUTEX_01]

BlackKeys

ANALYST: @adhikara13 DATE: 2024-08-01

REFERENCES:

https://x.com/malwrhunterteam/status/1744499157442666907

https://www.rapid7.com/blog/post/2024/02/05/exploring-the-not-so-secret-code-of-blackhunt-ransomware-2/

[MUTEX_02]

BLACK_HUNT_MUTEX

ANALYST: @adhikara13 DATE: 2024-08-01

REFERENCES:

https://www.trendmicro.com/vinfo/ae/threat-encyclopedia/malware/ransom.win32.blackhunt.thlbhbb

[QUICK_ACTIONS]

[THREAT_INTELLIGENCE]

ATTRIBUTION:

⚠Unknown

FIRST_OBSERVED:

2024

[SIGMA_RULE]

[STATISTICS]

MUTEX_COUNT:2

THREAT_ACTORS:1

ALIASES:1

TAGS:3

CATEGORY:RANSOMWARE

Malware profile loaded successfully