Overview

overview

10

Static

static

1

winprofile

windows7-x64

9

winprofile

windows10-1703-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    350ba7fca67721c74385faff083914ecdd66ef107a765dfb7ac08b38d5c9c0bd

  • Size

    737KB

  • Sample

    240514-fmhebacb57

  • MD5

    0bf7bc20496143a9f028e77ab47b4698

  • SHA1

    aa54013aeb502b4a936331deb76a6411f1f1ade7

  • SHA256

    350ba7fca67721c74385faff083914ecdd66ef107a765dfb7ac08b38d5c9c0bd

  • SHA512

    5e94cd77c4ad6dfa1064915ca0f4d117a2e3a4e924d05a16df0b223a5a0cbcb6124627e41d184aa0584f3ff3bbd5f9f913964887c7eb140e105317d4f5709981

  • SSDEEP

    12288:bO+sm75a7DI9Mv53VI/XfaUs442JbV24chSS1i2wZbDFMMWzVFq:rh75a7M9S3VYa4npY4cFM2MWhY

Score
10/10
blackbastadefense_evasionexecutionimpactransomwarespywarestealer

Malware Config

Extracted

Path

C:\Program Files (x86)\instructions_read_me.txt

Family

blackbasta

Ransom Note
ATTENTION! Your network has been breached and all data was encrypted. Please contact us at: https://aazsbsgya565vlu2c6bzy6yfiebkcbtvvcytvolt33s77xypi7nypxyd.onion/ Login ID: 2943b2b6-dc20-44a7-9dc4-94f7cb67f695 *!* To access .onion websites download and install Tor Browser at: https://www.torproject.org/ (Tor Browser is not related to us) *!* To restore all your PCs and get your network working again, follow these instructions: - Any attempts to modify, decrypt or rename the files will lead to its fatal corruption. It doesn't matter, who are trying to do this, either it will be your IT guys or a recovery agency. Please follow these simple rules to avoid data corruption: - Do not modify, rename or delete files. Any attempts to modify, decrypt or rename the files will lead to its fatal corruption. - Do not hire a recovery company. They can't decrypt without the key. They also don't care about your business. They believe that they are good negotiators, but it is not. They usually fail. So speak for yourself. Waiting you in a chat.
URLs

https://aazsbsgya565vlu2c6bzy6yfiebkcbtvvcytvolt33s77xypi7nypxyd.onion/

Targets

    • Target

      350ba7fca67721c74385faff083914ecdd66ef107a765dfb7ac08b38d5c9c0bd

    • Size

      737KB

    • MD5

      0bf7bc20496143a9f028e77ab47b4698

    • SHA1

      aa54013aeb502b4a936331deb76a6411f1f1ade7

    • SHA256

      350ba7fca67721c74385faff083914ecdd66ef107a765dfb7ac08b38d5c9c0bd

    • SHA512

      5e94cd77c4ad6dfa1064915ca0f4d117a2e3a4e924d05a16df0b223a5a0cbcb6124627e41d184aa0584f3ff3bbd5f9f913964887c7eb140e105317d4f5709981

    • SSDEEP

      12288:bO+sm75a7DI9Mv53VI/XfaUs442JbV24chSS1i2wZbDFMMWzVFq:rh75a7M9S3VYa4npY4cFM2MWhY

    Score
    10/10
    defense_evasionexecutionimpactransomwareblackbastaspywarestealer

    • Black Basta

      A ransomware family targeting Windows and Linux ESXi first seen in February 2022.

      ransomwareblackbasta

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

      ransomwaredefense_evasionimpactexecution

    • Renames multiple (9508) files with added filename extension

      This suggests ransomware activity of encrypting all the files on the system.

      ransomware

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Drops desktop.ini file(s)

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks