General
Target: 4525187334307840.zip
Size: 1.6MB
Sample: 220319-nw3qlshbb7
MD5: 7816a6a85687201f6f17ce8921309b7d
SHA1: 4af9fa0b82d3dd30560f0badb2f923963751ff5e
SHA256: 1f1c878dacb13a93df5061d990c130bf0f4e0117a6d506dc25e62a959d4c987b
SHA512: 8721b9e4e598c62b8404feb043c6e113aa9b15f5ce52dbb581afc4ada811ecbb0910794624c9f2fe9e3463a5a3e0aaefe5a1c0a4ac36b0058b56ea3ef81065b0
Static task: static1

Behavioral task: behavioral1
  Sample: c50bca08a8e80850ec18d258ff937b7b72a500d9027c730c86b05aa73c938b5d.exe
  Resource: win7-20220310-en

Behavioral task: behavioral2
  Sample: c50bca08a8e80850ec18d258ff937b7b72a500d9027c730c86b05aa73c938b5d.exe
  Resource: win10v2004-20220310-en
Malware Config
Extracted: blackcat

Credentials:
  Username: Administrator, Password: Vivit5on0640
  Username: Administrator@FAIRWAY, Password: Vivit5on0640
  Username: admin, Password: Onegl@ss2020

enable_network_discovery: true
enable_self_propagation: true
enable_set_wallpaper: true
extension: hat2gck
note_file_name: RECOVER-${EXTENSION}-FILES.txt
note_full_text: ----Welcome to the Black Cat Ransomware----- Failure to contact us, will result in higher costs at every level for you. And all you / your customers files. >> What happened? Important files on your network was ENCRYPTED and now they have "${EXTENSION}" extension. In order to recover your files you need to follow instructions below. >> Sensitive Data Sensitive data on your network was DOWNLOADED. If you DON'T WANT your sensitive data to be PUBLISHED you have to act quickly. Data includes: -Customers financial info -Your financial info with LLoyds and any other banks. -Invoices. -All the emails database - Employees personal data, CVs, DL, SSN. - Complete network map including credentials for local and remote services. - Private financial information including: clients data, bills, budgets, annual reports, bank statements. >> CAUTION DO NOT MODIFY ENCRYPTED FILES YOURSELF. DO NOT USE THIRD PARTY SOFTWARE TO RESTORE YOUR DATA. YOU MAY DAMAGE YOUR FILES, IT WILL RESULT IN PERMANENT DATA LOSS. >> What should I do next? 1) Download and install Tor Browser from: https://torproject.org/ 2) Navigate to: http://cmzh4nkisvkvyxc6o25ympbq52xphnexikkto5fyx52saaaxfv7piuyd.onion/?access-key=${ACCESS_KEY}
Targets
Target: c50bca08a8e80850ec18d258ff937b7b72a500d9027c730c86b05aa73c938b5d
Size: 2.9MB
MD5: 994de6a3f96bd710d620e1396e1bec92
SHA1: 53489b26fcceff4ef3240b2efcbfb38a78d24c4d
SHA256: c50bca08a8e80850ec18d258ff937b7b72a500d9027c730c86b05aa73c938b5d
SHA512: 3e6e6e1554313f5b9fd082e5f147d7036439f66427e3ca066ed6a6429a5aae7bf70564fcfa3e2fc4853739bb8111c78ea0b404a8d81a60bccdd30ffb6e91fbf0
Score: 1/10