General

  • Target

    723d1cf3d74fb3ce95a77ed9dff257a78c8af8e67a82963230dd073781074224.exe

  • Size

    1.4MB

  • Sample

    240408-h931msfb4t

  • MD5

    6441d7260944bcedc5958c5c8a05d16d

  • SHA1

    46257982840493eca90e051ff1749e7040895584

  • SHA256

    723d1cf3d74fb3ce95a77ed9dff257a78c8af8e67a82963230dd073781074224

  • SHA512

    af88fd3a0a2728c811be524feee575d8d2d9623b7944021c83173e40dbec6b1fbe7bea64dcdd8f1dbebc7d8df76b40e5c9647e2586316ea46ceb191ebcf14d89

  • SSDEEP

    24576:1p2gwjk6ikYhJ9lvGnYZvy48/V33ck7LnBAyldFu8hod/Qodly:1AgxkmvGnYWccjBAwFadRd

Malware Config

Extracted

Path

C:\Program Files\instructions_read_me.txt

Family

blackbasta

Ransom Note
ATTENTION! Your network has been breached and all data was encrypted. Please contact us at: https://bastad5huzwkepdixedg2gekg7jk22ato24zyllp6lnjx7wdtyctgvyd.onion/ Login ID: 26d371a9-efda-4e82-9989-01e292244d65 *!* To access .onion websites download and install Tor Browser at: https://www.torproject.org/ (Tor Browser is not related to us) *!* To restore all your PCs and get your network working again, follow these instructions: - Any attempts to modify, decrypt or rename the files will lead to its fatal corruption. It doesn't matter, who are trying to do this, either it will be your IT guys or a recovery agency. Please follow these simple rules to avoid data corruption: - Do not modify, rename or delete files. Any attempts to modify, decrypt or rename the files will lead to its fatal corruption. - Do not hire a recovery company. They can't decrypt without the key. They also don't care about your business. They believe that they are good negotiators, but it is not. They usually fail. So speak for yourself. Waiting you in a chat.
URLs

https://bastad5huzwkepdixedg2gekg7jk22ato24zyllp6lnjx7wdtyctgvyd.onion/

Targets

    • Target

      723d1cf3d74fb3ce95a77ed9dff257a78c8af8e67a82963230dd073781074224.exe

    • Size

      1.4MB

    • MD5

      6441d7260944bcedc5958c5c8a05d16d

    • SHA1

      46257982840493eca90e051ff1749e7040895584

    • SHA256

      723d1cf3d74fb3ce95a77ed9dff257a78c8af8e67a82963230dd073781074224

    • SHA512

      af88fd3a0a2728c811be524feee575d8d2d9623b7944021c83173e40dbec6b1fbe7bea64dcdd8f1dbebc7d8df76b40e5c9647e2586316ea46ceb191ebcf14d89

    • SSDEEP

      24576:1p2gwjk6ikYhJ9lvGnYZvy48/V33ck7LnBAyldFu8hod/Qodly:1AgxkmvGnYWccjBAwFadRd

    • Black Basta

      A ransomware family targeting Windows and Linux ESXi first seen in February 2022.

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

    • Renames multiple (3187) files with added filename extension

      This suggests ransomware activity of encrypting all the files on the system.

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks