Overview

overview

10

Static

static

10

f837f1cd60...cb.exe

windows7-x64

10

f837f1cd60...cb.exe

windows10-2004-x64

10

Resubmissions

22-05-2024 12:23

240522-pkt5rsah6s 10

22-05-2024 12:21

240522-pjp5esae34 10

05-05-2024 12:31

240505-pqcsnsdc87 10

Analysis

  • max time kernel
    119s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240419-en
  • resource tags

    arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
  • submitted
    22-05-2024 12:23

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    f837f1cd60e9941aa60f7be50a8f2aaaac380f560db8ee001408f35c1b7a97cb.exe

  • Size

    2.9MB

  • MD5

    817f4bf0b4d0fc327fdfc21efacddaee

  • SHA1

    8917af3878fa49fe4ec930230b881ff0ae8d19c9

  • SHA256

    f837f1cd60e9941aa60f7be50a8f2aaaac380f560db8ee001408f35c1b7a97cb

  • SHA512

    b0f8c0f3e18765606db9c29199b617f5a757c5b12cdddeac1e91deaadef790b1134eb3c009b0eab36096391d93c8fa6abcb983426bc506ae79a63cadb7ea954b

  • SSDEEP

    49152:rAnCsMZjVpVbl4D5GzNMFsl4UROAUc1y32ZxJFi4NE/RgaJ2w1M:rAnCs8pVblGyNM+l4UxUc1BhFyvww1M

Score
10/10
blackcatransomware

Malware Config

Extracted

Family

blackcat

Attributes
  • enable_network_discovery

    true

  • enable_self_propagation

    true

  • enable_set_wallpaper

    true

  • extension

    7954i9r

  • note_file_name

    RECOVER-${EXTENSION}-FILES.txt

  • note_full_text

    >> Introduction Important files on your system was ENCRYPTED and now they have have "${EXTENSION}" extension. In order to recover your files you need to follow instructions below. >> Sensitive Data Sensitive data on your system was DOWNLOADED and it will be PUBLISHED if you refuse to cooperate. Data includes: - Employees personal data, CVs, DL, SSN. - Complete network map including credentials for local and remote services. - Financial information including clients data, bills, budgets, annual reports, bank statements. - Complete datagrams/schemas/drawings for manufacturing in solidworks format - And more... Private preview is published here: http://alphvmmm27o3abo3r2mlmjrpdmzle3rykajqc5xsj7j7ejksbpsa36ad.onion/336eb50d-ebf8-436b-937d-ec075de46e7f/419ef3f950d9f346cf86db56db453539dcd51567ea871728e78dbc9918c7efeb >> CAUTION DO NOT MODIFY FILES YOURSELF. DO NOT USE THIRD PARTY SOFTWARE TO RESTORE YOUR DATA. YOU MAY DAMAGE YOUR FILES, IT WILL RESULT IN PERMANENT DATA LOSS. YOUR DATA IS STRONGLY ENCRYPTED, YOU CAN NOT DECRYPT IT WITHOUT CIPHER KEY. >> Recovery procedure Follow these simple steps to get in touch and recover your data: 1) Download and install Tor Browser from: https://torproject.org/ 2) Navigate to: http://sty5r4hhb5oihbq2mwevrofdiqbgesi66rvxr5sr573xgvtuvr4cs5yd.onion/?access-key=${ACCESS_KEY}

rsa_pubkey.plain

Signatures

Processes

  • C:\Users\Admin\AppData\Local\Temp\f837f1cd60e9941aa60f7be50a8f2aaaac380f560db8ee001408f35c1b7a97cb.exe
    "C:\Users\Admin\AppData\Local\Temp\f837f1cd60e9941aa60f7be50a8f2aaaac380f560db8ee001408f35c1b7a97cb.exe"
    1⤵
      PID:2312

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/2312-0-0x0000000000400000-0x00000000006F3000-memory.dmp

      Filesize

      2.9MB

      Download