Resubmissions

22-02-2022 06:25

220222-g6sj3aefan 10

20-01-2022 19:00

220120-xnztesbbg7 10

General

  • Target

    9802a1e8fb425ac3a7c0a7fca5a17cfcb7f3f5f0962deb29e3982f0bece95e26.bin

  • Size

    1.8MB

  • MD5

    769fdda466dcd97eb8a7a99c958d460e

  • SHA1

    5ac485d60fe2c096b10cda2624588427928e3f0d

  • SHA256

    9802a1e8fb425ac3a7c0a7fca5a17cfcb7f3f5f0962deb29e3982f0bece95e26

  • SHA512

    d0a514d81b0453f532e56875d912f1297d0e8bc81ac7e29f402ad0173c203aca135d9712d0e38e301f6d72737a7c5c06b364c9bd76f0e2f422da680f5cb04de1

  • SSDEEP

    49152:IqeL+lTdKGwpizjdRVdjezCFvw9b28vXUG3ao3tAbK:Iqe0/FdjezChXbK

Score
10/10

Malware Config

Extracted

Family

blackcat

Credentials

  • Username:

    NANOFOCUS.LOCAL\Administrator

  • Password:

    368CkbIna?#

Attributes

  • enable_network_discovery

    true

  • enable_self_propagation

    true

  • enable_set_wallpaper

    true

  • extension

    mfqssdj

  • note_file_name

    RECOVER-${EXTENSION}-FILES.txt

  • note_full_text

    >> What happened? Important files on your network was ENCRYPTED and now they have "${EXTENSION}" extension. In order to recover your files you need to follow instructions below. >> Sensitive Data Sensitive data on your system was DOWNLOADED. If you DON'T WANT your sensitive data to be PUBLISHED you have to act quickly. Data includes: - Employees personal data, CVs, DL, SSN. - Complete network map including credentials for local and remote services. - Private financial information including: clients data, bills, budgets, annual reports, bank statements. - Manufacturing documents including: datagrams, schemas, drawings in solidworks format. - Source code. -And more... >> CAUTION DO NOT MODIFY ENCRYPTED FILES YOURSELF. DO NOT USE THIRD PARTY SOFTWARE TO RESTORE YOUR DATA. YOU MAY DAMAGE YOUR FILES, IT WILL RESULT IN PERMANENT DATA LOSS. >> What should I do next? Follow these simple steps to get everything back to normal: 1) Download and install Tor Browser from: https://torproject.org/ 2) Navigate to: http://b4twqa2mvob3s6uvuyfra5xk3qgps2v5kkt7k2qnb7rpdu3j4fkntead.onion/?access-key=${ACCESS_KEY}

  • rsa_pubkey.plain

Signatures

Files

  • 9802a1e8fb425ac3a7c0a7fca5a17cfcb7f3f5f0962deb29e3982f0bece95e26.bin
    .elf linux x64