General

  • Target

    1354254499b2e3353708747d36c334074f40c1f726ea7590384f2192c972f8c3.exe

  • Size

    1023KB

  • Sample

    241027-hlwawsvelb

  • MD5

    53a7c9b7ae1309fa2fda3cd9cd04d35d

  • SHA1

    0376101a6ba19ae78e70aa8ac355f73d2ba623ad

  • SHA256

    1354254499b2e3353708747d36c334074f40c1f726ea7590384f2192c972f8c3

  • SHA512

    7950bf1455471f4c881d9b432a7bfdb31cc4e667a9c2c3acf59d1940b0604bb04493ea5b2dddba44be5665e8c9006c7d0c0a234c64d4d8fca4061e3467363e27

  • SSDEEP

    12288:MaltsKTwLqC5SWYgeWYg955/155/QUrTaUHx2eP9RJbBDv6cTWPb9lWzpk+hMry/:MaltsKTwLB5k5PbG7pf6BadFmCxvzO

Score
10/10

Malware Config

Extracted

Path

C:\Program Files\instructions_read_me.txt

Family

blackbasta

Ransom Note
ATTENTION! Your network has been breached and all data was encrypted. Please contact us at: https://bastad5huzwkepdixedg2gekg7jk22ato24zyllp6lnjx7wdtyctgvyd.onion/ Login ID: 56da98ec-b499-4ad2-b5d3-efd4f05df352 *!* To access .onion websites download and install Tor Browser at: https://www.torproject.org/ (Tor Browser is not related to us) *!* To restore all your PCs and get your network working again, follow these instructions: - Any attempts to modify, decrypt or rename the files will lead to its fatal corruption. It doesn't matter, who are trying to do this, either it will be your IT guys or a recovery agency. Please follow these simple rules to avoid data corruption: - Do not modify, rename or delete files. Any attempts to modify, decrypt or rename the files will lead to its fatal corruption. - Do not hire a recovery company. They can't decrypt without the key. They also don't care about your business. They believe that they are good negotiators, but it is not. They usually fail. So speak for yourself. Waiting you in a chat.
URLs

https://bastad5huzwkepdixedg2gekg7jk22ato24zyllp6lnjx7wdtyctgvyd.onion/

Targets

    • Target

      1354254499b2e3353708747d36c334074f40c1f726ea7590384f2192c972f8c3.exe

    • Size

      1023KB

    • MD5

      53a7c9b7ae1309fa2fda3cd9cd04d35d

    • SHA1

      0376101a6ba19ae78e70aa8ac355f73d2ba623ad

    • SHA256

      1354254499b2e3353708747d36c334074f40c1f726ea7590384f2192c972f8c3

    • SHA512

      7950bf1455471f4c881d9b432a7bfdb31cc4e667a9c2c3acf59d1940b0604bb04493ea5b2dddba44be5665e8c9006c7d0c0a234c64d4d8fca4061e3467363e27

    • SSDEEP

      12288:MaltsKTwLqC5SWYgeWYg955/155/QUrTaUHx2eP9RJbBDv6cTWPb9lWzpk+hMry/:MaltsKTwLB5k5PbG7pf6BadFmCxvzO

    Score
    10/10
    • Black Basta

      A ransomware family targeting Windows and Linux ESXi first seen in February 2022.

    • Blackbasta family

    • Renames multiple (6225) files with added filename extension

      This suggests ransomware activity of encrypting all the files on the system.

    • Drops desktop.ini file(s)

MITRE ATT&CK Matrix

Tasks