Overview

overview

10

Static

static

3

e9652ef869...d3.exe

windows7-x64

10

e9652ef869...d3.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    142s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    31-05-2024 14:30

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    e9652ef869194ec2b5a63386e7998a36dbded937636d9522804bf0050cb8a1d3.exe

  • Size

    3.1MB

  • MD5

    62dd406eaf257bf418e7e6dd57d3cf6e

  • SHA1

    f4bbc7b24f72637742ec80ee242ba8785b6d889b

  • SHA256

    e9652ef869194ec2b5a63386e7998a36dbded937636d9522804bf0050cb8a1d3

  • SHA512

    e7cac712e83b6600c5a4976b683fed157a1cb6c55437a891bb2a5dcabc74b7f3329e9186892bb68d2b68f0a4a6d0b8951e93aaf627270101f58abd6ae96a2d6c

  • SSDEEP

    49152:+7iiO3T/jgRWbeS1chc8fbglNjeWxqkikf3DaNuT9wF2ZadJGY8dKHsLktui13EK:NnggbL1cXf0lNZLZONu5UGIUiyK

Score
10/10
blackcatransomware

Malware Config

Extracted

Family

blackcat

Credentials
Attributes
  • enable_network_discovery

    true

  • enable_self_propagation

    true

  • enable_set_wallpaper

    true

  • extension

    jv6brbc

  • note_file_name

    RECOVER-${EXTENSION}-FILES.txt

  • note_full_text

    >> What happened? Important files on your network was ENCRYPTED and now they have "${EXTENSION}" extension. In order to recover your files you need to follow instructions below. >> Sensitive Data Sensitive data on your system was DOWNLOADED. If you DON'T WANT your sensitive data to be PUBLISHED you have to act quickly. Data includes: - Employees personal data, CVs, DL, SSN. - Complete network map including credentials for local and remote services. - Private financial information including: clients data, bills, budgets, annual reports, bank statements. - Manufacturing documents including: datagrams, schemas, drawings in solidworks format - And more... Private URL: http://alphvmmm27o3abo3r2mlmjrpdmzle3rykajqc5xsj7j7ejksbpsa36ad.onion/2e60b9ac-754a-46a7-aff0-e7e0879c851b/89609545e4c7d699a154ede707787d694a02c05dcc6503e90dc6020b7679cdf1 >> CAUTION DO NOT MODIFY ENCRYPTED FILES YOURSELF. DO NOT USE THIRD PARTY SOFTWARE TO RESTORE YOUR DATA. YOU MAY DAMAGE YOUR FILES, IT WILL RESULT IN PERMANENT DATA LOSS. >> What should I do next? Follow these simple steps to get everything back to normal: 1) Download and install Tor Browser from: https://torproject.org/ 2) Navigate to: http://xnsbsjciylsg23zfmrv6ocuyh7ha5zexeouchlr3zsi5suda4arpeyqd.onion/?access-key=${ACCESS_KEY}

rsa_pubkey.plain

Signatures

Processes

  • C:\Users\Admin\AppData\Local\Temp\e9652ef869194ec2b5a63386e7998a36dbded937636d9522804bf0050cb8a1d3.exe
    "C:\Users\Admin\AppData\Local\Temp\e9652ef869194ec2b5a63386e7998a36dbded937636d9522804bf0050cb8a1d3.exe"
    1⤵
      PID:3968
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4076 --field-trial-handle=1928,i,13242902252791919845,10377620236057253993,262144 --variations-seed-version /prefetch:8
      1⤵
        PID:3356

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • memory/3968-0-0x0000000000400000-0x0000000000710000-memory.dmp

        Filesize

        3.1MB

        Download

      • memory/3968-1-0x00000000009E0000-0x0000000000A1C000-memory.dmp

        Filesize

        240KB

        Download

      • memory/3968-2-0x0000000000400000-0x0000000000710000-memory.dmp

        Filesize

        3.1MB

        Download

      • memory/3968-6-0x0000000000400000-0x0000000000710000-memory.dmp

        Filesize

        3.1MB

        Download

      • memory/3968-3-0x0000000000401000-0x0000000000603000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/3968-7-0x0000000000400000-0x0000000000710000-memory.dmp

        Filesize

        3.1MB

        Download

      • memory/3968-8-0x0000000000400000-0x0000000000710000-memory.dmp

        Filesize

        3.1MB

        Download

      • memory/3968-9-0x0000000000400000-0x0000000000710000-memory.dmp

        Filesize

        3.1MB

        Download

      • memory/3968-10-0x00000000009A0000-0x00000000009A2000-memory.dmp

        Filesize

        8KB

        Download

      • memory/3968-11-0x0000000000400000-0x0000000000710000-memory.dmp

        Filesize

        3.1MB

        Download

      • memory/3968-12-0x0000000000400000-0x0000000000710000-memory.dmp

        Filesize

        3.1MB

        Download

      • memory/3968-15-0x00000000009E0000-0x0000000000A1C000-memory.dmp

        Filesize

        240KB

        Download

      • memory/3968-14-0x0000000000400000-0x0000000000710000-memory.dmp

        Filesize

        3.1MB

        Download

      • memory/3968-16-0x0000000000401000-0x0000000000603000-memory.dmp

        Filesize

        2.0MB

        Download