Overview

overview

10

Static

static

10

f2b3f1ed69...2e.exe

windows7_x64

1

f2b3f1ed69...2e.exe

windows10-2004_x64

4

Sharing

Copy URL
Twitter E-mail

General

  • Target

    f2b3f1ed693021b20f456a058b86b08abfc4876c7a3ae18aea6e95567fd55b2e

  • Size

    2.9MB

  • Sample

    220218-ead1pabbdk

  • MD5

    0646491738c76fd6a9eefaed43eabf43

  • SHA1

    026720fca026d971b16d1990146ef6462e8c1664

  • SHA256

    f2b3f1ed693021b20f456a058b86b08abfc4876c7a3ae18aea6e95567fd55b2e

  • SHA512

    516b251f45861d01ae54c046fb49c09d1c3667eaf827d3f3e202cb6414b3a0b5899edd8f42c79ce4786e037f59af71e38af1b81abe033f6b4a6dc00b7315ea9b

Score
10/10
blackcat

Malware Config

Extracted

Family

blackcat

Credentials
  • Username:
    ctconventions\administrator
  • Password:
    9ThingThousandPortugal^
  • Username:
    ctconventions\kdanforth
  • Password:
    |>eltaFlyer5
  • Username:
    ctconventions\whgadmin
  • Password:
    @C232323c
  • Username:
    ctconventions\glackey
  • Password:
    P@55Me2021$
  • Username:
    ctconventions\walkergroup
  • Password:
    2EnjoyAnythingCreate
  • Username:
    ctconventions\ctcc
  • Password:
    CTcc2629
  • Username:
    ctconventions\MasterAccount
  • Password:
    micros000000
Attributes
  • enable_network_discovery

    true

  • enable_self_propagation

    true

  • enable_set_wallpaper

    true

  • extension

    grp3smk

  • note_file_name

    RECOVER-${EXTENSION}-FILES.txt

  • note_full_text

    Hello, CTConventions >> What happened? Important files on your network was ENCRYPTED and now they have "${EXTENSION}" extension. In order to recover your files you need to follow instructions below. >> Sensitive Data Sensitive data on your network was DOWNLOADED. If you DON'T WANT your sensitive data to be PUBLISHED you have to act quickly. Data includes: - MICROS DATABASE, Accounting, Drawings - Check Copies, Engineering, HR, Banking Information - Payroll Scan, Sales and Marketing, Financia - And more... >> CAUTION DO NOT MODIFY ENCRYPTED FILES YOURSELF. DO NOT USE THIRD PARTY SOFTWARE TO RESTORE YOUR DATA. YOU MAY DAMAGE YOUR FILES, IT WILL RESULT IN PERMANENT DATA LOSS. >> What should I do next? 1) Download and install Tor Browser from: https://torproject.org/ 2) Navigate to: http://d75itpgjjfe2ys2qivqplbvmw3yyx7o5e4ppt2esit2lluhngulz4hqd.onion/?access-key=${ACCESS_KEY}

rsa_pubkey.plain

Targets

    • Target

      f2b3f1ed693021b20f456a058b86b08abfc4876c7a3ae18aea6e95567fd55b2e

    • Size

      2.9MB

    • MD5

      0646491738c76fd6a9eefaed43eabf43

    • SHA1

      026720fca026d971b16d1990146ef6462e8c1664

    • SHA256

      f2b3f1ed693021b20f456a058b86b08abfc4876c7a3ae18aea6e95567fd55b2e

    • SHA512

      516b251f45861d01ae54c046fb49c09d1c3667eaf827d3f3e202cb6414b3a0b5899edd8f42c79ce4786e037f59af71e38af1b81abe033f6b4a6dc00b7315ea9b

    Score
    4/10
    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks