General

Target: b7cb466d1ac75903fff6cc04932d86ec38b4b9af3c1c0b0b4451ba7eaea569c6
Size: 2.9MB
Sample: 220311-14rdrsbgg7
MD5: 705290d1ba3237098e1a42596963fbd5
SHA1: 9046c5895c2886a6950de16287340742e196beb7
SHA256: b7cb466d1ac75903fff6cc04932d86ec38b4b9af3c1c0b0b4451ba7eaea569c6
SHA512: 49ff969b6991b1f9855f64c79944504828510026205622b942739dcc50757c66e1bebdfa94969d4013bfb3aefc9bcbd2595ae7a7c9792089836900e366217507
Static task: static1

Behavioral task: behavioral1
Sample: f2b3f1ed693021b20f456a058b86b08abfc4876c7a3ae18aea6e95567fd55b2e.exe
Resource: win7-20220310-en

Behavioral task: behavioral2
Sample: f2b3f1ed693021b20f456a058b86b08abfc4876c7a3ae18aea6e95567fd55b2e.exe
Resource: win10v2004-en-20220113
Malware Config

Extracted: blackcat

Credentials (domain accounts embedded in the config; treat every one as compromised):
- Username: ctconventions\administrator   Password: 9ThingThousandPortugal^
- Username: ctconventions\kdanforth       Password: |>eltaFlyer5
- Username: ctconventions\whgadmin        Password: @C232323c
- Username: ctconventions\glackey         Password: P@55Me2021$
- Username: ctconventions\walkergroup     Password: 2EnjoyAnythingCreate
- Username: ctconventions\ctcc            Password: CTcc2629
- Username: ctconventions\MasterAccount   Password: micros000000

Settings:
- enable_network_discovery: true
- enable_self_propagation: true
- enable_set_wallpaper: true
- extension: grp3smk
- note_file_name: RECOVER-${EXTENSION}-FILES.txt
- note_full_text:
  Hello, CTConventions
  >> What happened?
  Important files on your network was ENCRYPTED and now they have "${EXTENSION}" extension. In order to recover your files you need to follow instructions below.
  >> Sensitive Data
  Sensitive data on your network was DOWNLOADED. If you DON'T WANT your sensitive data to be PUBLISHED you have to act quickly.
  Data includes:
  - MICROS DATABASE, Accounting, Drawings
  - Check Copies, Engineering, HR, Banking Information
  - Payroll Scan, Sales and Marketing, Financia
  - And more...
  >> CAUTION
  DO NOT MODIFY ENCRYPTED FILES YOURSELF.
  DO NOT USE THIRD PARTY SOFTWARE TO RESTORE YOUR DATA.
  YOU MAY DAMAGE YOUR FILES, IT WILL RESULT IN PERMANENT DATA LOSS.
  >> What should I do next?
  1) Download and install Tor Browser from: https://torproject.org/
  2) Navigate to: http://d75itpgjjfe2ys2qivqplbvmw3yyx7o5e4ppt2esit2lluhngulz4hqd.onion/?access-key=${ACCESS_KEY}
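The config above is the useful output of this report: BlackCat builds refuse to run without the operator's access token on the command line, which is why the behavioral tasks produced nothing of note and the score is 1/10, so host IOCs have to be derived from the static config rather than observed. The script below is an added example, not part of the sandbox report or the malware: it takes the extracted values (constructed as a Python dict from the fields listed above, with the note text reduced to an excerpt), expands `${EXTENSION}` the way the note templates use it, leaves `${ACCESS_KEY}` as a placeholder because the key is not in the config, pulls the .onion negotiation host out of the note, lists the domain accounts that need rotating, and runs the resulting file-name IOCs over a constructed list of paths. The sample paths and function names are assumptions for illustration.

```python
import re
from string import Template
from typing import Optional

# Values copied from the extracted blackcat config on this page (constructed dict,
# not the raw JSON the binary carries). note_full_text is an excerpt of the note;
# ACCESS_KEY is not part of the config and is deliberately left unresolved.
BLACKCAT_CONFIG = {
    "extension": "grp3smk",
    "note_file_name": "RECOVER-${EXTENSION}-FILES.txt",
    "note_full_text": (
        "Hello, CTConventions >> What happened? Important files on your network "
        'was ENCRYPTED and now they have "${EXTENSION}" extension. '
        ">> What should I do next? 1) Download and install Tor Browser from: "
        "https://torproject.org/ 2) Navigate to: "
        "http://d75itpgjjfe2ys2qivqplbvmw3yyx7o5e4ppt2esit2lluhngulz4hqd.onion/"
        "?access-key=${ACCESS_KEY}"
    ),
    # usernames only; the matching passwords are listed on the page
    "credentials": [
        "ctconventions\\administrator",
        "ctconventions\\kdanforth",
        "ctconventions\\whgadmin",
        "ctconventions\\glackey",
        "ctconventions\\walkergroup",
        "ctconventions\\ctcc",
        "ctconventions\\MasterAccount",
    ],
}

# Constructed file listing, as a triage script might get it from a file-server walk.
SAMPLE_PATHS = [
    r"C:\Users\kdanforth\Documents\budget.xlsx.grp3smk",
    r"C:\Users\kdanforth\Documents\RECOVER-grp3smk-FILES.txt",
    r"C:\Users\kdanforth\Documents\readme.txt",
    r"C:\Windows\System32\drivers\etc\hosts",
    r"\\fileserver\share\drawings\plan.dwg.grp3smk",
]


def render(template: str, config: dict, access_key: Optional[str] = None) -> str:
    """Expand ${EXTENSION} (and ${ACCESS_KEY} once known) like the note templates do.

    safe_substitute leaves any placeholder we cannot resolve as literal text, so
    the unknown access key is never silently replaced with an empty string.
    """
    values = {"EXTENSION": config["extension"]}
    if access_key is not None:
        values["ACCESS_KEY"] = access_key
    return Template(template).safe_substitute(values)


def note_file_name(config: dict) -> str:
    """The ransom note name as it will appear on disk."""
    return render(config["note_file_name"], config)


def onion_hosts(config: dict) -> list:
    """Negotiation site(s) named in the note, for egress blocking and intel sharing."""
    return re.findall(r"[a-z2-7]{16,56}\.onion", config["note_full_text"])


def accounts_to_rotate(config: dict) -> list:
    """Split DOMAIN\\user into (domain, user); each account is known to the attacker."""
    return [tuple(u.split("\\", 1)) for u in config["credentials"]]


def ioc_pattern(config: dict):
    """Regex for encrypted files (extension appended to the original name) and the note."""
    ext = re.escape(config["extension"])
    note = re.escape(note_file_name(config))
    return re.compile(rf"(?P<encrypted>\.{ext}$)|(?P<note>(?:^|[\\/]){note}$)",
                      re.IGNORECASE)  # Windows paths are case-insensitive


def scan_paths(config: dict, paths: list) -> list:
    """Return (path, kind) for every path that matches the derived IOCs."""
    pat = ioc_pattern(config)
    hits = []
    for p in paths:
        m = pat.search(p)
        if m:
            hits.append((p, "ransom_note" if m.group("note") else "encrypted_file"))
    return hits


if __name__ == "__main__":
    print("note file:", note_file_name(BLACKCAT_CONFIG))
    print("onion hosts:", onion_hosts(BLACKCAT_CONFIG))
    print("rotate:", accounts_to_rotate(BLACKCAT_CONFIG))
    for path, kind in scan_paths(BLACKCAT_CONFIG, SAMPLE_PATHS):
        print(f"{kind:15} {path}")
    print(render(BLACKCAT_CONFIG["note_full_text"], BLACKCAT_CONFIG))
```

The extension match anchors on `.grp3smk` at the end of the name rather than on a file extension field, because the encryptor appends its extension to the original name (`budget.xlsx.grp3smk`), so a naive "extension == grp3smk" check in an EDR query still works, but a "file type" lookup that reads the first extension would miss every hit.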
Targets

Target: f2b3f1ed693021b20f456a058b86b08abfc4876c7a3ae18aea6e95567fd55b2e.exe
Size: 2.9MB
MD5: 0646491738c76fd6a9eefaed43eabf43
SHA1: 026720fca026d971b16d1990146ef6462e8c1664
SHA256: f2b3f1ed693021b20f456a058b86b08abfc4876c7a3ae18aea6e95567fd55b2e
SHA512: 516b251f45861d01ae54c046fb49c09d1c3667eaf827d3f3e202cb6414b3a0b5899edd8f42c79ce4786e037f59af71e38af1b81abe033f6b4a6dc00b7315ea9b
Score: 1/10