blackbasta | d9d2838327c081a6daf9528c77ff3a8ac88e8ff73521b97d34af0d3da5807e7c

General

Target

d9d2838327c081a6daf9528c77ff3a8ac88e8ff73521b97d34af0d3da5807e7c
Size

743KB
Sample

240529-pcbcpadg9s
MD5

b3c9bb42bca62dea8ba72b8c04200ead
SHA1

4a535112c45ea02782a154d271556a324110db52
SHA256

d9d2838327c081a6daf9528c77ff3a8ac88e8ff73521b97d34af0d3da5807e7c
SHA512

721d0f67c552b79ceb8fdef092e75de1308e062c6b783d220f992e5b9c001e07c40b8a416adee5da20292157057e81cfa3eb618d33f0ebd1e89b9d5355fd0a7b
SSDEEP

12288:B9uxWTNaFP2vTXhyy9cetos+cjMHeUT3VBoKfzY5gVNI3Ng+t:B9uxWTo52Thn9ce5675BoIz0gV6dvt

Score

10^/10

Malware Config

Extracted

Path

C:\ProgramData\readme.txt

Ransom Note

Your data are stolen and encrypted The data will be published on TOR website if you do not pay the ransom You can contact us and decrypt one file for free on this TOR site (you should download and install TOR browser first https://torproject.org) https://aazsbsgya565vlu2c6bzy6yfiebkcbtvvcytvolt33s77xypi7nypxyd.onion/ Your company id for log in: 5c33d3df-a9bf-4899-a852-b2d2ce9944ec

URLs

https://aazsbsgya565vlu2c6bzy6yfiebkcbtvvcytvolt33s77xypi7nypxyd.onion/

Targets

- Target
  
  d9d2838327c081a6daf9528c77ff3a8ac88e8ff73521b97d34af0d3da5807e7c
- Size
  
  743KB
- MD5
  
  b3c9bb42bca62dea8ba72b8c04200ead
- SHA1
  
  4a535112c45ea02782a154d271556a324110db52
- SHA256
  
  d9d2838327c081a6daf9528c77ff3a8ac88e8ff73521b97d34af0d3da5807e7c
- SHA512
  
  721d0f67c552b79ceb8fdef092e75de1308e062c6b783d220f992e5b9c001e07c40b8a416adee5da20292157057e81cfa3eb618d33f0ebd1e89b9d5355fd0a7b
- SSDEEP
  
  12288:B9uxWTNaFP2vTXhyy9cetos+cjMHeUT3VBoKfzY5gVNI3Ng+t:B9uxWTo52Thn9ce5675BoIz0gV6dvt
Score

10^/10

blackbasta defense_evasion execution impact ransomware
- Black Basta
  A ransomware family targeting Windows and Linux ESXi first seen in February 2022.
  ransomware blackbasta
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware defense_evasion impact execution
- Renames multiple (1345) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Loads dropped DLL
- Sets desktop wallpaper using registry
  ransomware
behavioral1 behavioral2