General

  • Target

    b7cb466d1ac75903fff6cc04932d86ec38b4b9af3c1c0b0b4451ba7eaea569c6

  • Size

    2.9MB

  • MD5

    705290d1ba3237098e1a42596963fbd5

  • SHA1

    9046c5895c2886a6950de16287340742e196beb7

  • SHA256

    b7cb466d1ac75903fff6cc04932d86ec38b4b9af3c1c0b0b4451ba7eaea569c6

  • SHA512

    49ff969b6991b1f9855f64c79944504828510026205622b942739dcc50757c66e1bebdfa94969d4013bfb3aefc9bcbd2595ae7a7c9792089836900e366217507

Score
10/10

Malware Config

Extracted

Family

blackcat

Credentials
  • Username:
    ctconventions\administrator
  • Password:
    9ThingThousandPortugal^
  • Username:
    ctconventions\kdanforth
  • Password:
    |>eltaFlyer5
  • Username:
    ctconventions\whgadmin
  • Password:
    @C232323c
  • Username:
    ctconventions\glackey
  • Password:
    P@55Me2021$
  • Username:
    ctconventions\walkergroup
  • Password:
    2EnjoyAnythingCreate
  • Username:
    ctconventions\ctcc
  • Password:
    CTcc2629
  • Username:
    ctconventions\MasterAccount
  • Password:
    micros000000
Attributes
  • enable_network_discovery

    true

  • enable_self_propagation

    true

  • enable_set_wallpaper

    true

  • extension

    grp3smk

  • note_file_name

    RECOVER-${EXTENSION}-FILES.txt

  • note_full_text

    Hello, CTConventions

    >> What happened?
    Important files on your network was ENCRYPTED and now they have "${EXTENSION}" extension.
    In order to recover your files you need to follow instructions below.

    >> Sensitive Data
    Sensitive data on your network was DOWNLOADED.
    If you DON'T WANT your sensitive data to be PUBLISHED you have to act quickly.
    Data includes:
    - MICROS DATABASE, Accounting, Drawings
    - Check Copies, Engineering, HR, Banking Information
    - Payroll Scan, Sales and Marketing, Financia
    - And more...

    >> CAUTION
    DO NOT MODIFY ENCRYPTED FILES YOURSELF.
    DO NOT USE THIRD PARTY SOFTWARE TO RESTORE YOUR DATA.
    YOU MAY DAMAGE YOUR FILES, IT WILL RESULT IN PERMANENT DATA LOSS.

    >> What should I do next?
    1) Download and install Tor Browser from: https://torproject.org/
    2) Navigate to: http://d75itpgjjfe2ys2qivqplbvmw3yyx7o5e4ppt2esit2lluhngulz4hqd.onion/?access-key=${ACCESS_KEY}

  • rsa_pubkey.plain

MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvcNJz4PSogSJ3Df7ho/Fdl3RTZYU1zY2sY6lojUACXaPYhaKpjJ/My5VZHotI7xo2Qml8OdWgB1pYABHYVgB5G9KCjXw7/kbSaObK+NBiokPzg9Tpc0BlYZt1z1VvsR/tnyx4hs/U3N1eMqqmOfEI2tX9GDEAZzC6XuuW50sQEF/noVO8RZi9lnNlxKxMGhZ1TGRq3XkPypr8JYNoBisL3Yf3JhqfiH6sCQbXybrH9d05B8zP+jfyMbwDT3p+YMIuHEnnP86JlBZ7CuBAd0VTjC6IBYlUDorSSF3qGD2Me4ajVkOBdo4/dPBgfyqJJQLvC8fD5muwkFH2/0QPDv/KwIDAQAB
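The extracted config above maps directly onto response work: the `${EXTENSION}` template gives the exact note filename and file suffix to hunt for, the note text carries the victim-portal onion host, the embedded domain accounts are the ones the sample's self-propagation feature (enabled here) would use to reach other hosts and therefore need resetting, and `rsa_pubkey.plain` is a base64 SubjectPublicKeyInfo whose key size can be confirmed without any third-party library. The Python script below is an added example, not code from the sandbox, the report's author or the malware; it embeds the values from this report (note text abridged, passwords omitted), uses only the standard library, and the DER reader and all function names are my own.

```python
"""Turn the BlackCat config extracted above into hunt and response artifacts.

Added example for this page, not the sandbox's or the malware's code. The
config values are copied from the report; helper names are assumptions.
"""
import base64
import hashlib
import re

# Copied from the extracted config above. The note text is abridged to the
# parts the parser needs; passwords are omitted (only account names matter
# for the reset list).
CONFIG = {
    "extension": "grp3smk",
    "note_file_name": "RECOVER-${EXTENSION}-FILES.txt",
    "note_full_text": (
        'Hello, CTConventions >> What happened? Important files on your network '
        'was ENCRYPTED and now they have "${EXTENSION}" extension. '
        "1) Download and install Tor Browser from: https://torproject.org/ "
        "2) Navigate to: http://d75itpgjjfe2ys2qivqplbvmw3yyx7o5e4ppt2esit2lluhngulz4hqd.onion/?access-key=${ACCESS_KEY}"
    ),
    "usernames": [
        "ctconventions\\administrator", "ctconventions\\kdanforth",
        "ctconventions\\whgadmin", "ctconventions\\glackey",
        "ctconventions\\walkergroup", "ctconventions\\ctcc",
        "ctconventions\\MasterAccount",
    ],
    "rsa_pubkey": (
        "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvcNJz4PSogSJ3Df7ho/Fdl3RTZYU1zY2"
        "sY6lojUACXaPYhaKpjJ/My5VZHotI7xo2Qml8OdWgB1pYABHYVgB5G9KCjXw7/kbSaObK+NBiokP"
        "zg9Tpc0BlYZt1z1VvsR/tnyx4hs/U3N1eMqqmOfEI2tX9GDEAZzC6XuuW50sQEF/noVO8RZi9lnN"
        "lxKxMGhZ1TGRq3XkPypr8JYNoBisL3Yf3JhqfiH6sCQbXybrH9d05B8zP+jfyMbwDT3p+YMIuHEn"
        "nP86JlBZ7CuBAd0VTjC6IBYlUDorSSF3qGD2Me4ajVkOBdo4/dPBgfyqJJQLvC8fD5muwkFH2/0Q"
        "PDv/KwIDAQAB"
    ),
}

RSA_ENCRYPTION_OID = bytes.fromhex("2a864886f70d010101")  # 1.2.840.113549.1.1.1


def render(template, extension):
    """Expand ${EXTENSION} as note_file_name and note_full_text use it.
    ${ACCESS_KEY} is per-victim and not part of the config, so it is left alone."""
    return template.replace("${EXTENSION}", extension)


def onion_hosts(text):
    """v3 .onion hostnames (56 base32 chars) referenced in the note text."""
    return sorted(set(re.findall(r"https?://([a-z2-7]{56}\.onion)", text)))


def _tlv(buf, pos):
    """Minimal DER tag-length-value reader (definite lengths only).
    Returns (tag, content, position after the element)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                     # long form: next n bytes hold the length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length


def rsa_spki_info(b64):
    """Parse rsa_pubkey.plain (base64 SubjectPublicKeyInfo) with the stdlib and
    report algorithm check, modulus size, exponent and a DER fingerprint."""
    der = base64.b64decode(b64)
    tag, spki, _ = _tlv(der, 0)
    if tag != 0x30:
        raise ValueError("SubjectPublicKeyInfo must be a SEQUENCE")
    _, algid, pos = _tlv(spki, 0)          # AlgorithmIdentifier SEQUENCE
    oid_tag, oid, _ = _tlv(algid, 0)       # OBJECT IDENTIFIER
    bits_tag, bitstr, _ = _tlv(spki, pos)  # BIT STRING wrapping RSAPublicKey
    if oid_tag != 0x06 or bits_tag != 0x03:
        raise ValueError("unexpected SPKI layout")
    _, rsapub, _ = _tlv(bitstr, 1)         # skip the unused-bits byte
    _, n_bytes, pos = _tlv(rsapub, 0)      # INTEGER modulus
    _, e_bytes, _ = _tlv(rsapub, pos)      # INTEGER publicExponent
    return {
        "is_rsa": oid == RSA_ENCRYPTION_OID,
        "modulus_bits": int.from_bytes(n_bytes, "big").bit_length(),
        "exponent": int.from_bytes(e_bytes, "big"),
        "der_sha256": hashlib.sha256(der).hexdigest(),
    }


def hunt_artifacts(cfg=CONFIG):
    """Everything a responder hands to the hunt and identity teams."""
    ext = cfg["extension"]
    return {
        "encrypted_file_glob": f"*.{ext}",
        "note_file_name": render(cfg["note_file_name"], ext),
        "onion_hosts": onion_hosts(cfg["note_full_text"]),
        "accounts_to_reset": list(cfg["usernames"]),
        "rsa_key": rsa_spki_info(cfg["rsa_pubkey"]),
    }


if __name__ == "__main__":
    for key, value in hunt_artifacts().items():
        print(f"{key}: {value}")
```

The file glob and note filename are what to search for on file servers and endpoints; the onion host belongs on the egress blocklist; and the account list is a reset-and-review list for the identity team, since a config built for one victim domain means those credentials were already in the operator's hands before encryption started.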

Files

  • b7cb466d1ac75903fff6cc04932d86ec38b4b9af3c1c0b0b4451ba7eaea569c6
    .zip
  • f2b3f1ed693021b20f456a058b86b08abfc4876c7a3ae18aea6e95567fd55b2e.exe
    .exe windows x86
    MD5: 676f66b42797477a467945daedd979f3

