Analysis

  • max time kernel: 70s
  • max time network: 43s
  • platform: windows7_x64
  • resource: win7-en-20211208
  • submitted: 05-02-2022 00:50

General

  • Target: f815f5d6c85bcbc1ec071dd39532a20f5ce910989552d980d1d4346f57b75f89.exe
  • Size: 3.3MB
  • MD5: 7a34b6a3c558492c04f3418d726b86a8
  • SHA1: 45212fa4501ede5af428563f8043c4ae40faec76
  • SHA256: f815f5d6c85bcbc1ec071dd39532a20f5ce910989552d980d1d4346f57b75f89
  • SHA512: 791ade201bf318ef3386fcfa8ea970d73e9cbc2de6af49dd0d9af1f823f2602af3f396fb061562903f7518a3076b85ce95a039c268c56ef38a597e700c0762a3

Score
10/10

Malware Config

Extracted

Family

blackcat

Credentials

Attributes

  • enable_network_discovery: true
  • enable_self_propagation: true
  • enable_set_wallpaper: true
  • extension: wpzlbji
  • note_file_name: RECOVER-${EXTENSION}-FILES.txt

  • note_full_text

    >> Introduction Important files on your system was ENCRYPTED and now they have have "${EXTENSION}" extension. In order to recover your files you need to follow instructions below. >> Sensitive Data Sensitive data on your system was DOWNLOADED and it will be PUBLISHED if you refuse to cooperate. Data includes: - Employees personal data, CVs, DL, SSN. - Complete network map including credentials for local and remote services. - Financial information including clients data, bills, budgets, annual reports, bank statements. - Complete datagrams/schemas/drawings for manufacturing in solidworks format - And more... >> CAUTION DO NOT MODIFY FILES YOURSELF. DO NOT USE THIRD PARTY SOFTWARE TO RESTORE YOUR DATA. YOU MAY DAMAGE YOUR FILES, IT WILL RESULT IN PERMANENT DATA LOSS. YOUR DATA IS STRONGLY ENCRYPTED, YOU CAN NOT DECRYPT IT WITHOUT CIPHER KEY. >> Recovery procedure Follow these simple steps to get in touch and recover your data: 1) Download and install Tor Browser from: https://torproject.org/ 2) Navigate to: http://2cuqgeerjdba2rhdiviezodpu3lc4qz2sjf4qin6f7std2evleqlzjid.onion/?access-key=${ACCESS_KEY}

rsa_pubkey.plain

Signatures

Processes

  • C:\Users\Admin\AppData\Local\Temp\f815f5d6c85bcbc1ec071dd39532a20f5ce910989552d980d1d4346f57b75f89.exe
    "C:\Users\Admin\AppData\Local\Temp\f815f5d6c85bcbc1ec071dd39532a20f5ce910989552d980d1d4346f57b75f89.exe"
    1⤵
      PID:1212

    Network

    MITRE ATT&CK Matrix


    Downloads

    • memory/1212-54-0x00000000762C1000-0x00000000762C3000-memory.dmp
      Filesize: 8KB

    • memory/1212-55-0x0000000000400000-0x0000000000777000-memory.dmp
      Filesize: 3.5MB