General
-
Target
2024-06-30_bde56933af564b982eea620666e01f9f_blackcat
-
Size
2.6MB
-
Sample
240630-h8s42svcpd
-
MD5
bde56933af564b982eea620666e01f9f
-
SHA1
9673da83493f56fcfcc8bd461106477886d9bc13
-
SHA256
2b96baa58402a24a21ea2bdfee7f18aa3bfe6cbe0828666ed486a4ae50c5bf8f
-
SHA512
1cdffacabca9a1b219a9937869d6c119585232a95721355c34c579dc6560b402b1443408283395793614e545b2cd393e95c47434e21840305045c02fbca98cb0
-
SSDEEP
24576:r6ajuX0NtuqQEpjTFnUAs4wY2MjRdbAkFnBlPapEsNoj/iYxu9/FjlxewQV:rRqaaAj2MddckXlPiG/iKu9/ZPRQ
Behavioral task
behavioral1
Sample
2024-06-30_bde56933af564b982eea620666e01f9f_blackcat.exe
Resource
win7-20240611-en
Behavioral task
behavioral2
Sample
2024-06-30_bde56933af564b982eea620666e01f9f_blackcat.exe
Resource
win10v2004-20240611-en
Malware Config
Extracted
blackcat
- Username:
KELLERSUPPLY\Administrator - Password:
d@gw00d
- Username:
KELLERSUPPLY\AdminRecovery - Password:
K3ller!$Supp1y
- Username:
.\Administrator - Password:
d@gw00d
- Username:
.\Administrator - Password:
K3ller!$Supp1y
-
enable_network_discovery
true
-
enable_self_propagation
false
-
enable_set_wallpaper
true
-
extension
sykffle
-
note_file_name
RECOVER-${EXTENSION}-FILES.txt
-
note_full_text
>> Introduction Important files on your system was ENCRYPTED and now they have have "${EXTENSION}" extension. In order to recover your files you need to follow instructions below. >> Sensitive Data Sensitive data on your system was DOWNLOADED and it will be PUBLISHED if you refuse to cooperate. Data includes: - Employees personal data, CVs, DL, SSN. - Complete network map including credentials for local and remote services. - Financial information including clients data, bills, budgets, annual reports, bank statements. - Complete datagrams/schemas/drawings for manufacturing in solidworks format - And more... Private preview is published here: http://zujgzbu5y64xbmvc42addp4lxkoosb4tslf5mehnh7pvqjpwxn5gokyd.onion/b21e1fb6-ff88-425b-8339-3523179a1e3e/886cf430a907bbe9a3fd38fb704d524dbd199c1b042ad6f65dc72ad78704e21 >> CAUTION DO NOT MODIFY FILES YOURSELF. DO NOT USE THIRD PARTY SOFTWARE TO RESTORE YOUR DATA. YOU MAY DAMAGE YOUR FILES, IT WILL RESULT IN PERMANENT DATA LOSS. YOUR DATA IS STRONGLY ENCRYPTED, YOU CAN NOT DECRYPT IT WITHOUT CIPHER KEY. >> Recovery procedure Follow these simple steps to get in touch and recover your data: 1) Download and install Tor Browser from: https://torproject.org/ 2) Navigate to: http://mu75ltv3lxd24dbyu6gtvmnwybecigs5auki7fces437xvvflzva2nqd.onion/?access-key=${ACCESS_KEY}
Targets
-
-
Target
2024-06-30_bde56933af564b982eea620666e01f9f_blackcat
-
Size
2.6MB
-
MD5
bde56933af564b982eea620666e01f9f
-
SHA1
9673da83493f56fcfcc8bd461106477886d9bc13
-
SHA256
2b96baa58402a24a21ea2bdfee7f18aa3bfe6cbe0828666ed486a4ae50c5bf8f
-
SHA512
1cdffacabca9a1b219a9937869d6c119585232a95721355c34c579dc6560b402b1443408283395793614e545b2cd393e95c47434e21840305045c02fbca98cb0
-
SSDEEP
24576:r6ajuX0NtuqQEpjTFnUAs4wY2MjRdbAkFnBlPapEsNoj/iYxu9/FjlxewQV:rRqaaAj2MddckXlPiG/iKu9/ZPRQ
Score10/10-
Detects command variations typically used by ransomware
-
Expiro payload
-