
Threat Group Cards: A Threat Actor Encyclopedia

Tool: BitPaymer

Names: BitPaymer, FriedEx, IEncrypt
Category: Malware
Type: Ransomware, Credential stealer, Big Game Hunting
Description: (IBM) The submitted file is a custom packed BitPaymer ransomware loader that is designed to run on Windows 7 or above or any version of Windows server. The loader uses Alternate Data Streams to hide its tracks and service hijacking to maintain persistence. The loader uses RC4 to decrypt its configuration data.

The BitPaymer ransomware is used to encrypt files based on the settings from the configuration data. It has the ability to encrypt local and remote disks and can whitelist various file types that are not to be encrypted. The ransom note follows the same general outline as that of other ransomware families; however, BitPaymer is customized to the company or victim being attacked and contains their names in the configuration data itself.
Information:
<https://exchange.xforce.ibmcloud.com/malware-analysis/guid:14521d85c16836ad5e8cd7176a9f5003>
<https://nakedsecurity.sophos.com/2017/09/21/how-bitpaymer-ransomware-covers-its-tracks/>
<https://www.mcafee.com/blogs/other-blogs/mcafee-labs/spanish-mssp-targeted-by-bitpaymer-ransomware/>
<https://blog.morphisec.com/bitpaymer-ransomware-with-new-custom-packer-framework>
<https://blog.trendmicro.com/trendlabs-security-intelligence/account-with-admin-privileges-abused-to-install-bitpaymer-ransomware-via-psexec/>
<https://cyware.com/news/bitpaymer-ransomware-an-insight-into-the-ransomwares-attack-campaigns-ced9027b>
<https://lifars.com/2019/11/analysis-of-dridex-bitpaymer-and-doppelpaymer-campaign/>
<https://www.welivesecurity.com/2018/01/26/friedex-bitpaymer-ransomware-work-dridex-authors/>
<https://blog.trendmicro.com/trendlabs-security-intelligence/ursnif-emotet-dridex-and-bitpaymer-gangs-linked-by-a-similar-loader/>
Malpedia: <https://malpedia.caad.fkie.fraunhofer.de/details/win.friedex>
AlienVault OTX: <https://otx.alienvault.com/browse/pulses?q=tag:Bitpaymer>

Last change to this tool card: 13 July 2020


All groups using tool BitPaymer

Changed  Name           Country  Observed

APT groups

         Indrik Spider  Russia   2014-Jun 2021

1 group listed (1 APT, 0 other, 0 unknown)

Thailand Computer Emergency Response Team (ThaiCERT)
Electronic Transactions Development Agency
