blackbasta | 653da5127b0ecbc5c373ce510c0d5191f61f2df912c9b6f4989aa3775933bc33

General

Target

653da5127b0ecbc5c373ce510c0d5191f61f2df912c9b6f4989aa3775933bc33
Size

464KB
Sample

221203-hgy6zsgb9z
MD5

1c9880912a1c9229b4c3120dcbfd1322
SHA1

0ae047b7fe5d688638b9a33423c754c911d4dbe4
SHA256

653da5127b0ecbc5c373ce510c0d5191f61f2df912c9b6f4989aa3775933bc33
SHA512

e7df5a6da7ff6d1878bd670e963d80cb060f1e6e5c8c729c0181f1f97ddd0293a0233886e7c8fd6275afc654b99642ba9d756303ebfdee153ba84c024b389fef
SSDEEP

6144:GeafQzobGtL9sNP3IlXt4HSS53/7krnpMIg3D/Io5hTvpKqXy2dlFGYOxEpXir7s:SfQ5tLcSf27FFDXRRdf0UPb

Score

10^/10

blackbasta ransomware

Malware Config

Extracted

Path

C:\MSOCache\readme.txt

Ransom Note

Your data are stolen and encrypted The data will be published on TOR website if you do not pay the ransom You can contact us and decrypt one file for free on this TOR site (you should download and install TOR browser first https://torproject.org) https://aazsbsgya565vlu2c6bzy6yfiebkcbtvvcytvolt33s77xypi7nypxyd.onion/ Your company id for log in: eeded09d-2ac0-4e69-bf25-875cd524e744

URLs

https://aazsbsgya565vlu2c6bzy6yfiebkcbtvvcytvolt33s77xypi7nypxyd.onion/

Targets

- Target
  
  653da5127b0ecbc5c373ce510c0d5191f61f2df912c9b6f4989aa3775933bc33
- Size
  
  464KB
- MD5
  
  1c9880912a1c9229b4c3120dcbfd1322
- SHA1
  
  0ae047b7fe5d688638b9a33423c754c911d4dbe4
- SHA256
  
  653da5127b0ecbc5c373ce510c0d5191f61f2df912c9b6f4989aa3775933bc33
- SHA512
  
  e7df5a6da7ff6d1878bd670e963d80cb060f1e6e5c8c729c0181f1f97ddd0293a0233886e7c8fd6275afc654b99642ba9d756303ebfdee153ba84c024b389fef
- SSDEEP
  
  6144:GeafQzobGtL9sNP3IlXt4HSS53/7krnpMIg3D/Io5hTvpKqXy2dlFGYOxEpXir7s:SfQ5tLcSf27FFDXRRdf0UPb
Score

10^/10

blackbasta ransomware
- Black Basta
  A ransomware family targeting Windows and Linux ESXi first seen in February 2022.
  ransomware blackbasta
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Sets desktop wallpaper using registry
  ransomware
behavioral1 behavioral2