Overview

overview

10

Static

static

3

1354254499...c3.dll

windows7-x64

10

1354254499...c3.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    131s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    27-10-2024 06:49

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    1354254499b2e3353708747d36c334074f40c1f726ea7590384f2192c972f8c3.dll

  • Size

    1023KB

  • MD5

    53a7c9b7ae1309fa2fda3cd9cd04d35d

  • SHA1

    0376101a6ba19ae78e70aa8ac355f73d2ba623ad

  • SHA256

    1354254499b2e3353708747d36c334074f40c1f726ea7590384f2192c972f8c3

  • SHA512

    7950bf1455471f4c881d9b432a7bfdb31cc4e667a9c2c3acf59d1940b0604bb04493ea5b2dddba44be5665e8c9006c7d0c0a234c64d4d8fca4061e3467363e27

  • SSDEEP

    12288:MaltsKTwLqC5SWYgeWYg955/155/QUrTaUHx2eP9RJbBDv6cTWPb9lWzpk+hMry/:MaltsKTwLB5k5PbG7pf6BadFmCxvzO

Score
10/10
blackbastaransomware

Malware Config

Extracted

Path

C:\Program Files\instructions_read_me.txt

Family

blackbasta

Ransom Note
ATTENTION! Your network has been breached and all data was encrypted. Please contact us at: https://bastad5huzwkepdixedg2gekg7jk22ato24zyllp6lnjx7wdtyctgvyd.onion/ Login ID: 56da98ec-b499-4ad2-b5d3-efd4f05df352 *!* To access .onion websites download and install Tor Browser at: https://www.torproject.org/ (Tor Browser is not related to us) *!* To restore all your PCs and get your network working again, follow these instructions: - Any attempts to modify, decrypt or rename the files will lead to its fatal corruption. It doesn't matter, who are trying to do this, either it will be your IT guys or a recovery agency. Please follow these simple rules to avoid data corruption: - Do not modify, rename or delete files. Any attempts to modify, decrypt or rename the files will lead to its fatal corruption. - Do not hire a recovery company. They can't decrypt without the key. They also don't care about your business. They believe that they are good negotiators, but it is not. They usually fail. So speak for yourself. Waiting you in a chat.
URLs

https://bastad5huzwkepdixedg2gekg7jk22ato24zyllp6lnjx7wdtyctgvyd.onion/

Signatures

  • Black Basta

    A ransomware family targeting Windows and Linux ESXi first seen in February 2022.

    ransomwareblackbasta
  • Blackbasta family
    blackbasta
  • Renames multiple (6225) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware
  • Drops desktop.ini file(s) 1 IoCs
  • Drops file in Program Files directory 64 IoCs
  • Modifies registry class 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\1354254499b2e3353708747d36c334074f40c1f726ea7590384f2192c972f8c3.dll,#1
    1⤵
    • Drops desktop.ini file(s)
    • Drops file in Program Files directory
    • Modifies registry class
    PID:2156

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files\instructions_read_me.txt
    Filesize

    1KB

    MD5

    726ce44468fd2f6ae38e2e4bf2baee96

    SHA1

    73afb5947c8ad295ea6b1b70826402346c070935

    SHA256

    b54d6dde66a659069e69c8bac9af629b40f4907c1fc7b9fc1f76d5eb42384e50

    SHA512

    b26709072cc866150c492f92a6a1483a8582f6145cf8cfc10230797c9e0960e063fda58e2741ae1ed88ded0480184b2264b59d1554030df0cfd8afa2ca8c5113

    Download Submit