blackbasta | 15abbff9fbce7f5782c1654775938dcd2ce0a8ebd683a008547f8a4e421888c4

General

Target

15abbff9fbce7f5782c1654775938dcd2ce0a8ebd683a008547f8a4e421888c4.exe
Size

545KB
Sample

221130-2ertnsed2w
MD5

6a202e9a95f58938d02385e31d43ed87
SHA1

53628c7a155ccb7af1135140083939018d3587f1
SHA256

15abbff9fbce7f5782c1654775938dcd2ce0a8ebd683a008547f8a4e421888c4
SHA512

c6684838b84499dc97c75f33c1d3be29c654b90d2f0293c33af6a986facc8a673275a0f33a82f43aa1a8e67684b07092e462b1e2c309450a9ec0486ec7b4a7d1
SSDEEP

12288:tM9fIMGezCq1kWOgb/VPFAQxSNJ4krheZfIVWRkn8oXdd6:hbq1kWJb9PFAQxgJheZfY8gdI

Score

10^/10

blackbasta ransomware

Malware Config

Extracted

Path

C:\MSOCache\readme.txt

Ransom Note

Your data are stolen and encrypted The data will be published on TOR website if you do not pay the ransom You can contact us and decrypt one file for free on this TOR site (you should download and install TOR browser first https://torproject.org) https://aazsbsgya565vlu2c6bzy6yfiebkcbtvvcytvolt33s77xypi7nypxyd.onion/ Your company id for log in: ea3d3d33-1635-47f7-a1a4-0078267b30bb

URLs

https://aazsbsgya565vlu2c6bzy6yfiebkcbtvvcytvolt33s77xypi7nypxyd.onion/

Targets

- Target
  
  15abbff9fbce7f5782c1654775938dcd2ce0a8ebd683a008547f8a4e421888c4.exe
- Size
  
  545KB
- MD5
  
  6a202e9a95f58938d02385e31d43ed87
- SHA1
  
  53628c7a155ccb7af1135140083939018d3587f1
- SHA256
  
  15abbff9fbce7f5782c1654775938dcd2ce0a8ebd683a008547f8a4e421888c4
- SHA512
  
  c6684838b84499dc97c75f33c1d3be29c654b90d2f0293c33af6a986facc8a673275a0f33a82f43aa1a8e67684b07092e462b1e2c309450a9ec0486ec7b4a7d1
- SSDEEP
  
  12288:tM9fIMGezCq1kWOgb/VPFAQxSNJ4krheZfIVWRkn8oXdd6:hbq1kWJb9PFAQxgJheZfY8gdI
Score

10^/10

blackbasta ransomware
- Black Basta
  A ransomware family targeting Windows and Linux ESXi first seen in February 2022.
  ransomware blackbasta
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Sets desktop wallpaper using registry
  ransomware
behavioral1 behavioral2