Overview

overview

10

Static

static

10

3c8ad2dae0...dc.exe

windows7-x64

10

3c8ad2dae0...dc.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    110s
  • max time network
    98s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231222-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
  • submitted
    30-12-2023 16:08

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    3c8ad2dae0b1bb536925b4e8d5a87e77c6134371eada2c7628358d6c6d3083dc.exe

  • Size

    2.9MB

  • MD5

    5178bd507c07bc2d5274e0947834e48e

  • SHA1

    dd69b20eb1931487d8b65060f2be3671bd5baf33

  • SHA256

    3c8ad2dae0b1bb536925b4e8d5a87e77c6134371eada2c7628358d6c6d3083dc

  • SHA512

    4db7e98aaaf177fab9faa12f7ae9ee9415ef81fc0b0b31eb47b14fbf04ed899c32df70b984d0b6b2acf43e3a62d9c48624fe2ad86eccc5d0cb1015fc65983341

  • SSDEEP

    49152:HFyDutqkpj1TFUoXhjEjHjTu5tCeOZobIMfutoqKNi/RgaJ2weF:HFyDkNLXVEbjTuieOaR2+6vwweF

Score
10/10
blackcatransomware

Malware Config

Extracted

Family

blackcat

Attributes
  • enable_network_discovery

    true

  • enable_self_propagation

    true

  • enable_set_wallpaper

    true

  • extension

    cvz8n37

  • note_file_name

    RECOVER-${EXTENSION}-FILES.txt

  • note_full_text

    >> What happened? Important files on your network was ENCRYPTED and now they have "${EXTENSION}" extension. In order to recover your files you need to follow instructions below. >> Sensitive Data Sensitive data on your network was DOWNLOADED. If you DON'T WANT your sensitive data to be PUBLISHED you have to act quickly. Data includes: - Employees personal data, CVs, DL, SSN. - Complete network map including credentials for local and remote services. - Private financial information including: clients data, bills, budgets, annual reports, bank statements. - Manufacturing documents including: datagrams, schemas, drawings in solidworks format - And more... >> CAUTION DO NOT MODIFY ENCRYPTED FILES YOURSELF. DO NOT USE THIRD PARTY SOFTWARE TO RESTORE YOUR DATA. YOU MAY DAMAGE YOUR FILES, IT WILL RESULT IN PERMANENT DATA LOSS. >> What should I do next? 1) Download and install Tor Browser from: https://torproject.org/ 2) Navigate to: http://gbxbwicx3x35kn7n73opnpp4kkzjcra42iv2akoo2dcjinf6jf6qbuyd.onion/?access-key=${ACCESS_KEY}

rsa_pubkey.plain

Signatures

Processes

  • C:\Users\Admin\AppData\Local\Temp\3c8ad2dae0b1bb536925b4e8d5a87e77c6134371eada2c7628358d6c6d3083dc.exe
    "C:\Users\Admin\AppData\Local\Temp\3c8ad2dae0b1bb536925b4e8d5a87e77c6134371eada2c7628358d6c6d3083dc.exe"
    1⤵
      PID:3508

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/3508-0-0x0000000000400000-0x00000000006F6000-memory.dmp

      Filesize

      3.0MB

      Download