blackbasta | 9bbe6414ce22cb5e19f294004cb5cdbc883479d99629ddcdb5b70e9806306e42

General

Target

9bbe6414ce22cb5e19f294004cb5cdbc883479d99629ddcdb5b70e9806306e42
Size

1.0MB
Sample

221203-gs6vjaah56
MD5

f3f3f1717861c4183e850d8dcbf9c916
SHA1

e2bbe3e9318c46c7fccd96d21cee6acda4092ccc
SHA256

9bbe6414ce22cb5e19f294004cb5cdbc883479d99629ddcdb5b70e9806306e42
SHA512

99fe468ed5154eb0039652946aac239f870e21e7b3dba6ea432598f83584a7df9ec886cc682de53dea35d22d076e70fc36680096d3d7e3632dd48b7077ce3766
SSDEEP

24576:YiM4g9TQwJqOvKpHyGipz0HpzxMbDegtYeC5JmD:YiW9T1U6ilMbiYpD

Score

10^/10

blackbasta ransomware

Malware Config

Extracted

Path

C:\odt\readme.txt

Ransom Note

Your data are stolen and encrypted The data will be published on TOR website if you do not pay the ransom You can contact us and decrypt one file for free on this TOR site (you should download and install TOR browser first https://torproject.org) https://aazsbsgya565vlu2c6bzy6yfiebkcbtvvcytvolt33s77xypi7nypxyd.onion/ Your company id for log in: ca8af87d-d1c8-45d4-8e60-ce05a9f09587

URLs

https://aazsbsgya565vlu2c6bzy6yfiebkcbtvvcytvolt33s77xypi7nypxyd.onion/

Targets

- Target
  
  9bbe6414ce22cb5e19f294004cb5cdbc883479d99629ddcdb5b70e9806306e42
- Size
  
  1.0MB
- MD5
  
  f3f3f1717861c4183e850d8dcbf9c916
- SHA1
  
  e2bbe3e9318c46c7fccd96d21cee6acda4092ccc
- SHA256
  
  9bbe6414ce22cb5e19f294004cb5cdbc883479d99629ddcdb5b70e9806306e42
- SHA512
  
  99fe468ed5154eb0039652946aac239f870e21e7b3dba6ea432598f83584a7df9ec886cc682de53dea35d22d076e70fc36680096d3d7e3632dd48b7077ce3766
- SSDEEP
  
  24576:YiM4g9TQwJqOvKpHyGipz0HpzxMbDegtYeC5JmD:YiW9T1U6ilMbiYpD
Score

10^/10

blackbasta ransomware
- Black Basta
  A ransomware family targeting Windows and Linux ESXi first seen in February 2022.
  ransomware blackbasta
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
  ransomware
- Sets desktop wallpaper using registry
  ransomware
- Suspicious use of SetThreadContext
behavioral1 behavioral2