General
-
Target
be8c5d07ab6e39db28c40db20a32f47a97b7ec9f26c9003f9101a154a5a98486.bin
-
Size
2.9MB
-
MD5
b6b9d449c9416abf96d21b356a41a28e
-
SHA1
38fa2979382615bbee32d1f58295447c33ca4316
-
SHA256
be8c5d07ab6e39db28c40db20a32f47a97b7ec9f26c9003f9101a154a5a98486
-
SHA512
b7140d9931b4fc5afaf61af6c2bc6c7acac3863b40adb53990cb3e8deec86c19e6384667f39b47be46f3a87d1df433be26e398251a80456f5641abe48fa58855
-
SSDEEP
49152:nKoWSw+biIUslcrZM2xTSQyAnsKN3uLlkoCP4QNw/RgaJ2wgX:nKoWSw+e9slcrq2xTpsKNOVokvwwgX
Malware Config
Extracted
blackcat
- Username:
COURTSMAMMOUTH\MMautbur - Password:
Courts$321
- Username:
COURTSMAMMOUTH\yousouf - Password:
Password257
- Username:
COURTSMAMMOUTH\citrix - Password:
Pass123
- Username:
COURTSMAMMOUTH\mtlit - Password:
Pass1234
- Username:
COURTSMAMMOUTH\ksadmin - Password:
Courts$123
-
enable_network_discovery
true
-
enable_self_propagation
true
-
enable_set_wallpaper
true
-
extension
hfdvdom
-
note_file_name
RECOVER-${EXTENSION}-FILES.txt
-
note_full_text
>> What happened? Important files on your network was ENCRYPTED and now they have "${EXTENSION}" extension. In order to recover your files you need to follow instructions below. >> CAUTION DO NOT MODIFY ENCRYPTED FILES YOURSELF. DO NOT USE THIRD PARTY SOFTWARE TO RESTORE YOUR DATA. YOU MAY DAMAGE YOUR FILES, IT WILL RESULT IN PERMANENT DATA LOSS. >> What should I do next? Follow these simple steps to get everything back to normal: 1) Download and install Tor Browser from: https://torproject.org/ 2) Navigate to: http://74tutyjtwhxssfw7eax7gkb5upyo5dkmfxwzypk4sd3f3334z6anziyd.onion/?access-key=${ACCESS_KEY}
Signatures
-
Blackcat family
Files
-
be8c5d07ab6e39db28c40db20a32f47a97b7ec9f26c9003f9101a154a5a98486.bin
55c1bce75ad836c886b7fb6bca398063
Code Sign
Headers
Imports
Sections