Overview

overview

10

Static

static

3

txt.exe

windows7-x64

10

txt.exe

windows10-2004-x64

10

Resubmissions

15-03-2024 10:54

240315-mz23tagg69 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    txt.exe

  • Size

    885KB

  • Sample

    240315-mz23tagg69

  • MD5

    497ef4779c6770e4497adf0bc71655f1

  • SHA1

    328a8793323f11c1d0c5f3ddedf4ae10caafb063

  • SHA256

    62e63388953bb30669b403867a3ac2c8130332cf78133f7fd4a7f23cdc939087

  • SHA512

    35c2c131a84205ecda974fc0cdf93db38184547586c28671379b13b98311289459b5b87c6c8ffa3233ccd42953d4faef47e27195ecd40011cc72cbf3b3e5af35

  • SSDEEP

    24576:pAWf/LUup7zmMl8tOKnvwYQ62jaeekMEoBmn64:pTUS2Ml8trnvwYQ62japkMEQS64

Score
10/10
blackbastapersistenceransomwarespywarestealer

Malware Config

Extracted

Path

C:\Program Files\instructions_read_me.txt

Family

blackbasta

Ransom Note
ATTENTION! Your network has been breached and all data was encrypted. Please contact us at: https://bastad5huzwkepdixedg2gekg7jk22ato24zyllp6lnjx7wdtyctgvyd.onion/ Login ID: 91ff2d86-ecd6-429f-9cfe-ef43ac53155b *!* To access .onion websites download and install Tor Browser at: https://www.torproject.org/ (Tor Browser is not related to us) *!* To restore all your PCs and get your network working again, follow these instructions: - Any attempts to modify, decrypt or rename the files will lead to its fatal corruption. It doesn't matter, who are trying to do this, either it will be your IT guys or a recovery agency. Please follow these simple rules to avoid data corruption: - Do not modify, rename or delete files. Any attempts to modify, decrypt or rename the files will lead to its fatal corruption. - Do not hire a recovery company. They can't decrypt without the key. They also don't care about your business. They believe that they are good negotiators, but it is not. They usually fail. So speak for yourself. Waiting you in a chat.
URLs

https://bastad5huzwkepdixedg2gekg7jk22ato24zyllp6lnjx7wdtyctgvyd.onion/

Targets

    • Target

      txt.exe

    • Size

      885KB

    • MD5

      497ef4779c6770e4497adf0bc71655f1

    • SHA1

      328a8793323f11c1d0c5f3ddedf4ae10caafb063

    • SHA256

      62e63388953bb30669b403867a3ac2c8130332cf78133f7fd4a7f23cdc939087

    • SHA512

      35c2c131a84205ecda974fc0cdf93db38184547586c28671379b13b98311289459b5b87c6c8ffa3233ccd42953d4faef47e27195ecd40011cc72cbf3b3e5af35

    • SSDEEP

      24576:pAWf/LUup7zmMl8tOKnvwYQ62jaeekMEoBmn64:pTUS2Ml8trnvwYQ62japkMEQS64

    Score
    10/10
    blackbastapersistenceransomwarespywarestealer

    • Black Basta

      A ransomware family targeting Windows and Linux ESXi first seen in February 2022.

      ransomwareblackbasta

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

      ransomware

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Adds Run key to start application

      persistence

    • Drops desktop.ini file(s)

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks