blackbasta | a083060d38984e7c6f36dcd2c57ec1aa3f50f9c201c8538257c8cbf2b3217e96

General

Target

a083060d38984e7c6f36dcd2c57ec1aa3f50f9c201c8538257c8cbf2b3217e96.exe
Size

720KB
Sample

221130-3c23aseb37
MD5

0c69e91c2f54978ae3103b26686b2610
SHA1

3e3b113a5ab64e03ffe86e0fa9a2163816f9ecdf
SHA256

a083060d38984e7c6f36dcd2c57ec1aa3f50f9c201c8538257c8cbf2b3217e96
SHA512

7f4be495be8d9bc4bf825a2846d1888e93f137820c172488febfba13e06f83eb5ce7d0873d752cc9627e6a613dc137c2e8b8d9519f2339c1a6dd7f6c82b66212
SSDEEP

12288:9yufBWp/QcYqt+QxxbxgU532BjZak//A6/NLaBCfwYkijMsZ2rEIaOtZBQipEen7:9yufBWpW3/k6M7tZBLpEelW3it

Score

10^/10

blackbasta ransomware

Malware Config

Extracted

Path

C:\MSOCache\readme.txt

Ransom Note

Your data are stolen and encrypted The data will be published on TOR website if you do not pay the ransom You can contact us and decrypt one file for free on this TOR site (you should download and install TOR browser first https://torproject.org) https://aazsbsgya565vlu2c6bzy6yfiebkcbtvvcytvolt33s77xypi7nypxyd.onion/ Your company id for log in: ea3d3d33-1635-47f7-a1a4-0078267b30bb

URLs

https://aazsbsgya565vlu2c6bzy6yfiebkcbtvvcytvolt33s77xypi7nypxyd.onion/

Targets

- Target
  
  a083060d38984e7c6f36dcd2c57ec1aa3f50f9c201c8538257c8cbf2b3217e96.exe
- Size
  
  720KB
- MD5
  
  0c69e91c2f54978ae3103b26686b2610
- SHA1
  
  3e3b113a5ab64e03ffe86e0fa9a2163816f9ecdf
- SHA256
  
  a083060d38984e7c6f36dcd2c57ec1aa3f50f9c201c8538257c8cbf2b3217e96
- SHA512
  
  7f4be495be8d9bc4bf825a2846d1888e93f137820c172488febfba13e06f83eb5ce7d0873d752cc9627e6a613dc137c2e8b8d9519f2339c1a6dd7f6c82b66212
- SSDEEP
  
  12288:9yufBWp/QcYqt+QxxbxgU532BjZak//A6/NLaBCfwYkijMsZ2rEIaOtZBQipEen7:9yufBWpW3/k6M7tZBLpEelW3it
Score

10^/10

blackbasta ransomware
- Black Basta
  A ransomware family targeting Windows and Linux ESXi first seen in February 2022.
  ransomware blackbasta
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
  ransomware
- Sets desktop wallpaper using registry
  ransomware
behavioral1 behavioral2