blackbasta | 449d87ca461823bb85c18102605e23997012b522c4272465092e923802a745e9

General

Target

449d87ca461823bb85c18102605e23997012b522c4272465092e923802a745e9.zip
Size

542KB
Sample

221103-k3a3dsgeg8
MD5

6f9f4b7e63692eb7dcbc0957d3e7530e
SHA1

0b0699b324dfcd6fc40abe39d2eef7d95f1dd782
SHA256

449d87ca461823bb85c18102605e23997012b522c4272465092e923802a745e9
SHA512

76d12f5b5920450996db17b626c3e1745b262afee14bace3ba5342e77d08c8b2aa35304d6835c9cb148fffcbb81deccd21f9f1260a7e44de2a8c9c03038afc80
SSDEEP

12288:2rkm8R9qXgmj3d7khtgfpedbKbiTuDZWhswtik5j2w+fH:BUjt7+twpedbKb1dWhse9KV

Score

10^/10

blackbasta ransomware

Malware Config

Extracted

Path

C:\MSOCache\readme.txt

Ransom Note

Your data are stolen and encrypted The data will be published on TOR website if you do not pay the ransom You can contact us and decrypt one file for free on this TOR site (you should download and install TOR browser first https://torproject.org) https://aazsbsgya565vlu2c6bzy6yfiebkcbtvvcytvolt33s77xypi7nypxyd.onion/ Your company id for log in: 5c33d3df-a9bf-4899-a852-b2d2ce9944ec

URLs

https://aazsbsgya565vlu2c6bzy6yfiebkcbtvvcytvolt33s77xypi7nypxyd.onion/

Targets

- Target
  
  9a55f55886285eef7ffabdd55c0232d1458175b1d868c03d3e304ce7d98980bc.exe
- Size
  
  542KB
- MD5
  
  c115bbbdb1a61f8c553d74802bfd78fb
- SHA1
  
  1f439569e3c1c14ea9f02235f8f45c49e2764160
- SHA256
  
  9a55f55886285eef7ffabdd55c0232d1458175b1d868c03d3e304ce7d98980bc
- SHA512
  
  6ad701415ce5e1f94144a979f7e347499ecd80e4de4705dbe9570ad53a90b58034ea98f2ec9d257a330ec47ffeacdbd420f581ad8a4d76b0c7ad4bb198b1ab84
- SSDEEP
  
  12288:trkm8R9qXgmj3d7khtgfpedbKbiTuDZWhswtik5j2w+f:2Ujt7+twpedbKb1dWhse9K
Score

10^/10

blackbasta ransomware
- Black Basta
  A ransomware family targeting Windows and Linux ESXi first seen in February 2022.
  ransomware blackbasta
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
  ransomware
- Sets desktop wallpaper using registry
  ransomware
behavioral1 behavioral2