blackbasta | 1a8a283732f920d34233eac14ab03d681f3837b2e759df4ff1dd383249074e46

General

Target

1a8a283732f920d34233eac14ab03d681f3837b2e759df4ff1dd383249074e46
Size

461KB
Sample

221203-habr4sfe8s
MD5

b1c520938a92644d0831b33df52d9e73
SHA1

73d59c49596575a9bb08b87f28ebc7e7f8afec10
SHA256

1a8a283732f920d34233eac14ab03d681f3837b2e759df4ff1dd383249074e46
SHA512

5b513d9701cb6441a0fb33858dd616f10fe1332a2c70725ed1b568032428cbdffad2f2d8cb4dab0503f31dec7cb7d367ae98135c483e28037e66f97280dcd33f
SSDEEP

12288:mXmpJhb0veHINIDfaQ/lHYkVeUlkIDXQxlPnpkcEgNa:m8JhCeHywhkOAxVn6cEh

Score

10^/10

blackbasta ransomware

Malware Config

Extracted

Path

C:\MSOCache\readme.txt

Ransom Note

Your data are stolen and encrypted The data will be published on TOR website if you do not pay the ransom You can contact us and decrypt one file for free on this TOR site (you should download and install TOR browser first https://torproject.org) https://aazsbsgya565vlu2c6bzy6yfiebkcbtvvcytvolt33s77xypi7nypxyd.onion/ Your company id for log in: 533cd596-1fa4-477e-ae86-935498094e86

URLs

https://aazsbsgya565vlu2c6bzy6yfiebkcbtvvcytvolt33s77xypi7nypxyd.onion/

Targets

- Target
  
  1a8a283732f920d34233eac14ab03d681f3837b2e759df4ff1dd383249074e46
- Size
  
  461KB
- MD5
  
  b1c520938a92644d0831b33df52d9e73
- SHA1
  
  73d59c49596575a9bb08b87f28ebc7e7f8afec10
- SHA256
  
  1a8a283732f920d34233eac14ab03d681f3837b2e759df4ff1dd383249074e46
- SHA512
  
  5b513d9701cb6441a0fb33858dd616f10fe1332a2c70725ed1b568032428cbdffad2f2d8cb4dab0503f31dec7cb7d367ae98135c483e28037e66f97280dcd33f
- SSDEEP
  
  12288:mXmpJhb0veHINIDfaQ/lHYkVeUlkIDXQxlPnpkcEgNa:m8JhCeHywhkOAxVn6cEh
Score

10^/10

blackbasta ransomware
- Black Basta
  A ransomware family targeting Windows and Linux ESXi first seen in February 2022.
  ransomware blackbasta
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
  ransomware
- Sets desktop wallpaper using registry
  ransomware
behavioral1 behavioral2