General

  • Target

    b7cb466d1ac75903fff6cc04932d86ec38b4b9af3c1c0b0b4451ba7eaea569c6

  • Size

    2.9MB

  • Sample

    220311-14rdrsbgg7

  • MD5

    705290d1ba3237098e1a42596963fbd5

  • SHA1

    9046c5895c2886a6950de16287340742e196beb7

  • SHA256

    b7cb466d1ac75903fff6cc04932d86ec38b4b9af3c1c0b0b4451ba7eaea569c6

  • SHA512

    49ff969b6991b1f9855f64c79944504828510026205622b942739dcc50757c66e1bebdfa94969d4013bfb3aefc9bcbd2595ae7a7c9792089836900e366217507

Score
10/10

Malware Config

Extracted

Family

blackcat

Credentials
  • Username:
    ctconventions\administrator
  • Password:
    9ThingThousandPortugal^
  • Username:
    ctconventions\kdanforth
  • Password:
    |>eltaFlyer5
  • Username:
    ctconventions\whgadmin
  • Password:
    @C232323c
  • Username:
    ctconventions\glackey
  • Password:
    P@55Me2021$
  • Username:
    ctconventions\walkergroup
  • Password:
    2EnjoyAnythingCreate
  • Username:
    ctconventions\ctcc
  • Password:
    CTcc2629
  • Username:
    ctconventions\MasterAccount
  • Password:
    micros000000
Attributes
  • enable_network_discovery

    true

  • enable_self_propagation

    true

  • enable_set_wallpaper

    true

  • extension

    grp3smk

  • note_file_name

    RECOVER-${EXTENSION}-FILES.txt

  • note_full_text

    Hello, CTConventions >> What happened? Important files on your network was ENCRYPTED and now they have "${EXTENSION}" extension. In order to recover your files you need to follow instructions below. >> Sensitive Data Sensitive data on your network was DOWNLOADED. If you DON'T WANT your sensitive data to be PUBLISHED you have to act quickly. Data includes: - MICROS DATABASE, Accounting, Drawings - Check Copies, Engineering, HR, Banking Information - Payroll Scan, Sales and Marketing, Financia - And more... >> CAUTION DO NOT MODIFY ENCRYPTED FILES YOURSELF. DO NOT USE THIRD PARTY SOFTWARE TO RESTORE YOUR DATA. YOU MAY DAMAGE YOUR FILES, IT WILL RESULT IN PERMANENT DATA LOSS. >> What should I do next? 1) Download and install Tor Browser from: https://torproject.org/ 2) Navigate to: http://d75itpgjjfe2ys2qivqplbvmw3yyx7o5e4ppt2esit2lluhngulz4hqd.onion/?access-key=${ACCESS_KEY}

rsa_pubkey.plain

Targets

    • Target

      f2b3f1ed693021b20f456a058b86b08abfc4876c7a3ae18aea6e95567fd55b2e.exe

    • Size

      2.9MB

    • MD5

      0646491738c76fd6a9eefaed43eabf43

    • SHA1

      026720fca026d971b16d1990146ef6462e8c1664

    • SHA256

      f2b3f1ed693021b20f456a058b86b08abfc4876c7a3ae18aea6e95567fd55b2e

    • SHA512

      516b251f45861d01ae54c046fb49c09d1c3667eaf827d3f3e202cb6414b3a0b5899edd8f42c79ce4786e037f59af71e38af1b81abe033f6b4a6dc00b7315ea9b

    Score
    1/10

MITRE ATT&CK Matrix

Tasks