blackbasta | d02e90d20c017aeed7641a978b2c99fb2bdaceaab0c387b332525dee3d8496ab

General

Target

9799297463.zip
Size

3.2MB
Sample

230330-pnymcscf32
MD5

10577e33d4240905be88fabbcbb5a8f4
SHA1

050fcee93af019a0d436d4e32653ee9d2152d941
SHA256

d02e90d20c017aeed7641a978b2c99fb2bdaceaab0c387b332525dee3d8496ab
SHA512

1155ec2a5362185e11186c5d629aced2c3fa5f37fa561a22c5b561ea5d6afd013d2713e042e766be90485a6a7998b69bded193d64abbf5c236e4d9aa8f8f9e1c
SSDEEP

98304:DBMVSycfkIQHWwTDnglCXkpMmz1eA5bmc:DB9y87Q2CDn8CUhEwv

Score

10^/10

Malware Config

Extracted

Path

C:\ProgramData\readme.txt

Ransom Note

Your data are stolen and encrypted The data will be published on TOR website if you do not pay the ransom You can contact us and decrypt one file for free on this TOR site (you should download and install TOR browser first https://torproject.org) https://aazsbsgya565vlu2c6bzy6yfiebkcbtvvcytvolt33s77xypi7nypxyd.onion/ Your company id for log in: ea3d3d33-1635-47f7-a1a4-0078267b30bb

URLs

https://aazsbsgya565vlu2c6bzy6yfiebkcbtvvcytvolt33s77xypi7nypxyd.onion/

Targets

- Target
  
  21033cd24a9d775d7daa7bbc5c5b007553f205ac0febb6bae3fa35c700676bda
- Size
  
  7.0MB
- MD5
  
  ed891e4fd173700fac93b3dda30517c9
- SHA1
  
  e05e9cc2f28bcd17f5285a34db2894bad9ccd53a
- SHA256
  
  21033cd24a9d775d7daa7bbc5c5b007553f205ac0febb6bae3fa35c700676bda
- SHA512
  
  58d3254bca944cb60450e3ac352a3674ca5a1dea1142112726349931cbed6428e5db03004480d218bf4c63ce6d9847e74dfe9f0da455c9587cf47c5a7089e7fc
- SSDEEP
  
  98304:wkwtlijhe6cZyFAz5FNZiTfVFScxge3SO9o:wkilvxFNkxpx/19o
Score

10^/10

blackbasta ransomware
- Black Basta
  A ransomware family targeting Windows and Linux ESXi first seen in February 2022.
  ransomware blackbasta
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
  ransomware
- Sets desktop wallpaper using registry
  ransomware
behavioral1 behavioral2