Overview

overview

10

Static

static

10

13828b390d...31.exe

windows10-1703-x64

1

13828b390d...31.exe

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    13828b390d5f58b002e808c2c4f02fdd920e236cc8015480fa33b6c1a9300e31.7z

  • Size

    1.3MB

  • MD5

    9aa7e64c17eda3557f888a81ca35bb41

  • SHA1

    c2000fa2dd28a5a0d574512cdf161b1f16828072

  • SHA256

    3679c309062fab650e1c323307fcdf6d07d16ab7d3db247c61b7fd3c0f2b5459

  • SHA512

    d5d52f96b14eb587b976ec8a2874e656b2a23828a4f5e82ce9e0e378b6eacea8ccd69e0779aa7606b9a038442485338e1d6fdb8ea7bcfcab88fe39e70229f0c4

  • SSDEEP

    24576:V/0IP4cVYzaxaGjsSjOJMYC/vV/JFjBU+iQ2STCJ4yUj8bTqi:CwHyzyjOSYAfjBU+3yUQKi

Score
10/10
blackcat

Malware Config

Extracted

Family

blackcat

Credentials
  • Username:
    NANOFOCUS.LOCAL\Administrator
  • Password:
    368CkbIna?#
Attributes
  • enable_network_discovery

    true

  • enable_self_propagation

    true

  • enable_set_wallpaper

    true

  • extension

    mfqssdj

  • note_file_name

    RECOVER-${EXTENSION}-FILES.txt

  • note_full_text

    >> What happened? Important files on your network was ENCRYPTED and now they have "${EXTENSION}" extension. In order to recover your files you need to follow instructions below. >> Sensitive Data Sensitive data on your system was DOWNLOADED. If you DON'T WANT your sensitive data to be PUBLISHED you have to act quickly. Data includes: - Employees personal data, CVs, DL, SSN. - Complete network map including credentials for local and remote services. - Private financial information including: clients data, bills, budgets, annual reports, bank statements. - Manufacturing documents including: datagrams, schemas, drawings in solidworks format. - Source code. -And more... >> CAUTION DO NOT MODIFY ENCRYPTED FILES YOURSELF. DO NOT USE THIRD PARTY SOFTWARE TO RESTORE YOUR DATA. YOU MAY DAMAGE YOUR FILES, IT WILL RESULT IN PERMANENT DATA LOSS. >> What should I do next? Follow these simple steps to get everything back to normal: 1) Download and install Tor Browser from: https://torproject.org/ 2) Navigate to: http://b4twqa2mvob3s6uvuyfra5xk3qgps2v5kkt7k2qnb7rpdu3j4fkntead.onion/?access-key=${ACCESS_KEY}

rsa_pubkey.plain

Signatures

Files

  • 13828b390d5f58b002e808c2c4f02fdd920e236cc8015480fa33b6c1a9300e31.7z
    .7z

    Password: infected

  • 13828b390d5f58b002e808c2c4f02fdd920e236cc8015480fa33b6c1a9300e31
    .exe windows x86

    Password: infected

    55c1bce75ad836c886b7fb6bca398063


    Headers

    Imports

    Sections