Static task: static1
Behavioral task: behavioral1
Sample: 9802a1e8fb425ac3a7c0a7fca5a17cfcb7f3f5f0962deb29e3982f0bece95e26.bin
Resource: ubuntu1804-amd64-en-20211208
General
  Target: 9802a1e8fb425ac3a7c0a7fca5a17cfcb7f3f5f0962deb29e3982f0bece95e26.bin
  Size: 1.8MB
  MD5: 769fdda466dcd97eb8a7a99c958d460e
  SHA1: 5ac485d60fe2c096b10cda2624588427928e3f0d
  SHA256: 9802a1e8fb425ac3a7c0a7fca5a17cfcb7f3f5f0962deb29e3982f0bece95e26
  SHA512: d0a514d81b0453f532e56875d912f1297d0e8bc81ac7e29f402ad0173c203aca135d9712d0e38e301f6d72737a7c5c06b364c9bd76f0e2f422da680f5cb04de1
  SSDEEP: 49152:IqeL+lTdKGwpizjdRVdjezCFvw9b28vXUG3ao3tAbK:Iqe0/FdjezChXbK
Malware Config
Extracted: blackcat
  Username: NANOFOCUS.LOCAL\Administrator
  Password: 368CkbIna?#
  enable_network_discovery: true
  enable_self_propagation: true
  enable_set_wallpaper: true
  extension: mfqssdj
  note_file_name: RECOVER-${EXTENSION}-FILES.txt
  note_full_text:
    >> What happened?
    Important files on your network was ENCRYPTED and now they have "${EXTENSION}" extension.
    In order to recover your files you need to follow instructions below.
    >> Sensitive Data
    Sensitive data on your system was DOWNLOADED.
    If you DON'T WANT your sensitive data to be PUBLISHED you have to act quickly.
    Data includes:
    - Employees personal data, CVs, DL, SSN.
    - Complete network map including credentials for local and remote services.
    - Private financial information including: clients data, bills, budgets, annual reports, bank statements.
    - Manufacturing documents including: datagrams, schemas, drawings in solidworks format.
    - Source code.
    - And more...
    >> CAUTION
    DO NOT MODIFY ENCRYPTED FILES YOURSELF.
    DO NOT USE THIRD PARTY SOFTWARE TO RESTORE YOUR DATA.
    YOU MAY DAMAGE YOUR FILES, IT WILL RESULT IN PERMANENT DATA LOSS.
    >> What should I do next?
    Follow these simple steps to get everything back to normal:
    1) Download and install Tor Browser from: https://torproject.org/
    2) Navigate to: http://b4twqa2mvob3s6uvuyfra5xk3qgps2v5kkt7k2qnb7rpdu3j4fkntead.onion/?access-key=${ACCESS_KEY}
Signatures
  Blackcat family
Files
  9802a1e8fb425ac3a7c0a7fca5a17cfcb7f3f5f0962deb29e3982f0bece95e26.bin.elf (linux x64)