Overview

overview

10

Static

static

3

d7221c8252...df.exe

windows7-x64

10

d7221c8252...df.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    92s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
  • submitted
    31-05-2024 13:01

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    d7221c82526de0c9b2b71ca2e61d879aa405e98299a50f3a10fba0fd84349bdf.exe

  • Size

    3.1MB

  • MD5

    60b693ffead691ce30298d3347bddd82

  • SHA1

    5dbb77c5e2228246f6504072f5ade4ea2e4aea3a

  • SHA256

    d7221c82526de0c9b2b71ca2e61d879aa405e98299a50f3a10fba0fd84349bdf

  • SHA512

    ea2adf6ce24fa1cba78cdbafe5804ba8471d966c8f5125a48f2f8d3a036cdbd916ebf5c3293b03626ac602aa12e027a56b20f98c4ff332cb4ef4ac958a198caf

  • SSDEEP

    49152:aHl1YQbKgnSn+ym9uBvUm5eE5+o+l2DnhjRVJCHwtJL/LwPYh3jlrvVVjF3C8EHw:IkOnw5m92U4+gFV9JLT6anPC8oUD

Score
10/10
blackcatransomware

Malware Config

Extracted

Family

blackcat

Attributes
  • enable_network_discovery

    true

  • enable_self_propagation

    true

  • enable_set_wallpaper

    true

  • extension

    rt2sudt

  • note_file_name

    RECOVER-${EXTENSION}-FILES.txt

  • note_full_text

    >> What happened? Important files on your network was ENCRYPTED and now they have "${EXTENSION}" extension. In order to recover your files you need to follow instructions below. >> Sensitive Data Sensitive data on your network was DOWNLOADED. If you DON'T WANT your sensitive data to be PUBLISHED you have to act quickly. Data includes: - Employees personal data, CVs, DL, SSN. - Complete network map including credentials for local and remote services. - Private financial information including: clients data, bills, budgets, annual reports, bank statements. - Manufacturing documents including: datagrams, schemas, drawings in solidworks format - And more... >> CAUTION DO NOT MODIFY ENCRYPTED FILES YOURSELF. DO NOT USE THIRD PARTY SOFTWARE TO RESTORE YOUR DATA. YOU MAY DAMAGE YOUR FILES, IT WILL RESULT IN PERMANENT DATA LOSS. >> What should I do next? 1) Download and install Tor Browser from: https://torproject.org/ 2) Navigate to: http://mcqercb63o72ug5tgujamkxkeafmoi3pvli2hfofzoyfckahezp75eyd.onion/?access-key=${ACCESS_KEY}

rsa_pubkey.plain

Signatures

Processes

  • C:\Users\Admin\AppData\Local\Temp\d7221c82526de0c9b2b71ca2e61d879aa405e98299a50f3a10fba0fd84349bdf.exe
    "C:\Users\Admin\AppData\Local\Temp\d7221c82526de0c9b2b71ca2e61d879aa405e98299a50f3a10fba0fd84349bdf.exe"
    1⤵
      PID:3124

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/3124-0-0x0000000000400000-0x00000000006FD000-memory.dmp

      Filesize

      3.0MB

      Download

    • memory/3124-1-0x0000000000400000-0x00000000006FD000-memory.dmp

      Filesize

      3.0MB

      Download

    • memory/3124-5-0x0000000000400000-0x00000000006FD000-memory.dmp

      Filesize

      3.0MB

      Download

    • memory/3124-3-0x0000000000400000-0x00000000006FD000-memory.dmp

      Filesize

      3.0MB

      Download

    • memory/3124-6-0x0000000000910000-0x0000000000912000-memory.dmp

      Filesize

      8KB

      Download

    • memory/3124-2-0x0000000000400000-0x00000000006FD000-memory.dmp

      Filesize

      3.0MB

      Download

    • memory/3124-4-0x0000000000401000-0x00000000005EF000-memory.dmp

      Filesize

      1.9MB

      Download

    • memory/3124-7-0x0000000000400000-0x00000000006FD000-memory.dmp

      Filesize

      3.0MB

      Download

    • memory/3124-8-0x0000000000400000-0x00000000006FD000-memory.dmp

      Filesize

      3.0MB

      Download

    • memory/3124-10-0x0000000000400000-0x00000000006FD000-memory.dmp

      Filesize

      3.0MB

      Download