Overview

overview

10

Static

static

3

loader.bat

windows7-x64

10

loader.bat

windows10-2004-x64

3

Resubmissions

20-02-2024 22:17

240220-17tnasfg2y 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    fea155f714b3153192dfc11fba84609edf1e78bbb7f1d6979de6a9ab4077099d.zip

  • Size

    1.1MB

  • Sample

    240220-17tnasfg2y

  • MD5

    a17888fb730640f078886d28e0a07b1b

  • SHA1

    d321e6f8397edafb895f3ed1b0b775a35e2e541f

  • SHA256

    753a66f032d0d7a7c310a2e5f98c54e95e3d404400224d592657a02079c668d5

  • SHA512

    ac55c4818541cc98ab88a69629c86a29f28ceb92f1061ea0244d36dda54f7376f11527f5fa158a517f466967db90573999f67ec4d62126dc7e2af58870ffe5b1

  • SSDEEP

    24576:2VuUnOP6B3ORRJe0sAWt20yh2oi6sIz+cXzcGa+Lge1/oz1:2oUnOhSA0Ci6sqIB+Lgyoh

Score
10/10
blackbastaransomwarespywarestealer

Malware Config

Extracted

Path

C:\Program Files\instructions_read_me.txt

Family

blackbasta

Ransom Note
ATTENTION! Your network has been breached and all data was encrypted. Please contact us at: https://bastad5huzwkepdixedg2gekg7jk22ato24zyllp6lnjx7wdtyctgvyd.onion/ Login ID: ab2bada7-004d-468c-8c25-a08517ea2fa0 *!* To access .onion websites download and install Tor Browser at: https://www.torproject.org/ (Tor Browser is not related to us) *!* To restore all your PCs and get your network working again, follow these instructions: - Any attempts to modify, decrypt or rename the files will lead to its fatal corruption. It doesn't matter, who are trying to do this, either it will be your IT guys or a recovery agency. Please follow these simple rules to avoid data corruption: - Do not modify, rename or delete files. Any attempts to modify, decrypt or rename the files will lead to its fatal corruption. - Do not hire a recovery company. They can't decrypt without the key. They also don't care about your business. They believe that they are good negotiators, but it is not. They usually fail. So speak for yourself. Waiting you in a chat.
URLs

https://bastad5huzwkepdixedg2gekg7jk22ato24zyllp6lnjx7wdtyctgvyd.onion/

Targets

    • Target

      loader.bat

    • Size

      94B

    • MD5

      921239f27bb2234b67d59178f126c4e3

    • SHA1

      dcfb337b410b40159c6cecc298728246745250e8

    • SHA256

      72098b728205382cccae1513b4758851372139a8e881066c679ce7321fb29ba6

    • SHA512

      3df002ba6bf11f6b6b0d2dac2f940090b9160b8af124f9c36fefa57964562b9f4edffc2aa250633704f26fa720c770814d693a9ba0f93a55cbae8b0e65fcc7a1

    Score
    10/10
    blackbastaransomwarespywarestealer

    • Black Basta

      A ransomware family targeting Windows and Linux ESXi first seen in February 2022.

      ransomwareblackbasta

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Drops desktop.ini file(s)

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks