blackbasta | cce74c82a718be7484abf7c51011793f2717cfb2068c92aa35416a93cbd13cfa

General

Target

cce74c82a718be7484abf7c51011793f2717cfb2068c92aa35416a93cbd13cfa.exe
Size

543KB
Sample

221130-3t8amsfe92
MD5

f05dac112cd3174c385d10158b6080fb
SHA1

579b245a6609903d804f957083b9e0b2ed145f5a
SHA256

cce74c82a718be7484abf7c51011793f2717cfb2068c92aa35416a93cbd13cfa
SHA512

213891e6f5a16726a86c51eb67e8c4cf8bcf7d2b6a688c13614145445180f5458f808d124e5e398da2335a8c4484709c6124d4268bed1335d6338b733bb51a55
SSDEEP

12288:z1DTMHixr1moQqUiXINDl/m1s6BQio67VlAU:BzmoQqUiXw2s6yiVxR

Score

10^/10

blackbasta ransomware

Malware Config

Extracted

Path

C:\readme.txt

Ransom Note

Your data are stolen and encrypted The data will be published on TOR website if you do not pay the ransom You can contact us and decrypt one file for free on this TOR site (you should download and install TOR browser first https://torproject.org) https://aazsbsgya565vlu2c6bzy6yfiebkcbtvvcytvolt33s77xypi7nypxyd.onion:80/ Your company id for log in: ba7a7058-3531-4b67-bae6-d602e9110361

URLs

https://aazsbsgya565vlu2c6bzy6yfiebkcbtvvcytvolt33s77xypi7nypxyd.onion:80/

Targets

- Target
  
  cce74c82a718be7484abf7c51011793f2717cfb2068c92aa35416a93cbd13cfa.exe
- Size
  
  543KB
- MD5
  
  f05dac112cd3174c385d10158b6080fb
- SHA1
  
  579b245a6609903d804f957083b9e0b2ed145f5a
- SHA256
  
  cce74c82a718be7484abf7c51011793f2717cfb2068c92aa35416a93cbd13cfa
- SHA512
  
  213891e6f5a16726a86c51eb67e8c4cf8bcf7d2b6a688c13614145445180f5458f808d124e5e398da2335a8c4484709c6124d4268bed1335d6338b733bb51a55
- SSDEEP
  
  12288:z1DTMHixr1moQqUiXINDl/m1s6BQio67VlAU:BzmoQqUiXw2s6yiVxR
Score

10^/10

blackbasta ransomware
- Black Basta
  A ransomware family targeting Windows and Linux ESXi first seen in February 2022.
  ransomware blackbasta
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Sets desktop wallpaper using registry
  ransomware
behavioral1 behavioral2