Sharpdepositorcrypter

Malware Profile Updated 3 months ago
SharpDepositorCrypter, also known as OMCLoader, is a loader that the BlackBasta ransomware group used as its primary crypter for most of 2022. It originated as a loader for a .NET infostealer named SharpDepositor, which likely explains the name found in PDB strings of early samples, but it has since evolved into a more complex loader that is no longer restricted to .NET payloads. The initial versions encrypted their payload with RC4 and encoded the result in base64; newer iterations switched to AES.

Throughout 2022, SharpDepositorCrypter served as the main loader in BlackBasta's attacks. Its usage declined in 2023 as BlackBasta increasingly employed other crypters such as Quixotic, Quicksand, Dave, and Tron. The reason for the shift is not known: it may reflect improved detection of the older loader or a strategic decision within the group.

To distinguish the versions, the earlier RC4-based samples are tracked as SharpDepositorCrypter and the AES-based versions as OMCLoader. Tracking them separately makes the loader's evolution, and the tactics, techniques, and procedures (TTPs) of the actors that use it, easier to follow.
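The RC4-plus-base64 scheme described above, as an added illustration that is not code from this page or from the malware itself: a minimal unpacker of the kind an analyst writes when pulling the payload out of an early-style sample, with a PE-header sanity check so a wrong key is caught instead of silently producing garbage. The key, the blob layout (base64 text over raw RC4 ciphertext with no header or length field) and the sample payload are all assumptions constructed here; for a real sample the key and the blob offsets have to be recovered from the loader.

```python
import base64


def rc4(key: bytes, data: bytes) -> bytes:
    """RC4 stream cipher. Symmetric: the same call encrypts and decrypts."""
    # Key-scheduling algorithm (KSA)
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    # Pseudo-random generation algorithm (PRGA), XORed over the data
    out = bytearray()
    i = j = 0
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def pack_payload(key: bytes, payload: bytes) -> str:
    """Assumed layout (not taken from a real sample): base64 over raw RC4 ciphertext."""
    return base64.b64encode(rc4(key, payload)).decode("ascii")


def unpack_payload(key: bytes, blob: str) -> bytes:
    """Reverse of pack_payload: strict base64 decode, then RC4 with the same key."""
    raw = base64.b64decode(blob, validate=True)
    return rc4(key, raw)


def looks_like_pe(data: bytes) -> bool:
    """Cheap post-decryption check: 'MZ' DOS stub and a PE signature at e_lfanew (offset 0x3C)."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    pe_off = int.from_bytes(data[0x3C:0x40], "little")
    return len(data) >= pe_off + 4 and data[pe_off:pe_off + 4] == b"PE\0\0"


# Constructed sample: a fake PE image with a valid e_lfanew pointer, not a real binary.
SAMPLE_KEY = b"example-key"  # assumed key, chosen for the example
_fake_pe = bytearray(b"MZ" + b"\0" * 0x3E)          # 0x40-byte DOS header
_fake_pe[0x3C:0x40] = (0x40).to_bytes(4, "little")  # e_lfanew -> PE header right after it
SAMPLE_PAYLOAD = bytes(_fake_pe) + b"PE\0\0" + b"rest of the fake image"
SAMPLE_BLOB = pack_payload(SAMPLE_KEY, SAMPLE_PAYLOAD)

if __name__ == "__main__":
    recovered = unpack_payload(SAMPLE_KEY, SAMPLE_BLOB)
    print("round trip ok:", recovered == SAMPLE_PAYLOAD)
    print("looks like PE:", looks_like_pe(recovered))
```

The PE check is the part worth keeping when adapting this to a real sample: because RC4 has no integrity protection, a wrong key decrypts without error, and the only way to notice is to validate the structure of what comes out.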
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
ID | Votes | Profile Description
Blackbasta | 1 | BlackBasta is a malicious software (malware) known for its disruptive and damaging effects on computer systems. It infiltrates systems through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, it can steal personal information, disrupt operations, or even ho
Omcloader | 1 | OMCLoader is a type of malware, malicious software designed to exploit and damage computer systems by infiltrating them through suspicious downloads, emails, or websites. This harmful program can steal personal information, disrupt operations, or hold data for ransom once it has infected a system. O
Sharpdepositor | 1 | None
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Payload
Infostealer
Loader
Ransomware
Encryption
Associated Malware
ID | Type | Votes | Profile Description
Quixotic | Unspecified | 1 | Quixotic is a potent malware that has been used to crypt various ransomware samples, including BlackBasta and CobaltStrike. In May 2023, it was utilized to encrypt a BlackBasta ransomware sample, while in October 2022, it played a significant role in a CobaltStrike sample used in a BlackBasta attack
Associated Threat Actors
ID | Type | Votes | Profile Description
No associations to display
Associated Vulnerabilities
ID | Type | Votes | Profile Description
No associations to display
Source Document References
Information about the SharpDepositorCrypter malware was read from the documents below.
Source | Created At | Title
SecurityIntelligence.com | a year ago | The Trickbot/Conti Crypters: Where Are They Now?