blackbasta | 11129aad3b5baa1d118ec0ee3922278c194e43f6e2f0fcef221c65e5f4490d3b

General

Target

11129aad3b5baa1d118ec0ee3922278c194e43f6e2f0fcef221c65e5f4490d3b.exe
Size

2.6MB
Sample

241028-ckswgsvqav
MD5

523d6d251e5f8f9d7db1a3645967e72e
SHA1

aca4932ac18f5c0227ee85e01da35a0b66285424
SHA256

11129aad3b5baa1d118ec0ee3922278c194e43f6e2f0fcef221c65e5f4490d3b
SHA512

f4910a6c30e3f18564e77e47f5a2d0172775a880e39d93629de5c4094b22efc90c0d5c5518ed5952c7eeeb8861b55b2bdfac5a402fa11d1dac205d986046e05b
SSDEEP

49152:vFDi8DIuiRIGgmGjunBD95D8L5ZtGtXaP4La47RvmcfXGhCz7CNyHbn877QZI1w:vXxYSm9BfDCn4tqP4W2RvhfXGQzOQHbJ

Score

10^/10

Malware Config

Extracted

Path

C:\Program Files\instructions_read_me.txt

Family

blackbasta

Ransom Note

ATTENTION! Your network has been breached and all data was encrypted. Please contact us at: https://bastad5huzwkepdixedg2gekg7jk22ato24zyllp6lnjx7wdtyctgvyd.onion/ Login ID: 66e18026-1453-4fe2-8621-d51fcc9dc54e *!* To access .onion websites download and install Tor Browser at: https://www.torproject.org/ (Tor Browser is not related to us) *!* To restore all your PCs and get your network working again, follow these instructions: - Any attempts to modify, decrypt or rename the files will lead to its fatal corruption. It doesn't matter, who are trying to do this, either it will be your IT guys or a recovery agency. Please follow these simple rules to avoid data corruption: - Do not modify, rename or delete files. Any attempts to modify, decrypt or rename the files will lead to its fatal corruption. - Do not hire a recovery company. They can't decrypt without the key. They also don't care about your business. They believe that they are good negotiators, but it is not. They usually fail. So speak for yourself. Waiting you in a chat.

URLs

https://bastad5huzwkepdixedg2gekg7jk22ato24zyllp6lnjx7wdtyctgvyd.onion/

Targets

- Target
  
  11129aad3b5baa1d118ec0ee3922278c194e43f6e2f0fcef221c65e5f4490d3b.exe
- Size
  
  2.6MB
- MD5
  
  523d6d251e5f8f9d7db1a3645967e72e
- SHA1
  
  aca4932ac18f5c0227ee85e01da35a0b66285424
- SHA256
  
  11129aad3b5baa1d118ec0ee3922278c194e43f6e2f0fcef221c65e5f4490d3b
- SHA512
  
  f4910a6c30e3f18564e77e47f5a2d0172775a880e39d93629de5c4094b22efc90c0d5c5518ed5952c7eeeb8861b55b2bdfac5a402fa11d1dac205d986046e05b
- SSDEEP
  
  49152:vFDi8DIuiRIGgmGjunBD95D8L5ZtGtXaP4La47RvmcfXGhCz7CNyHbn877QZI1w:vXxYSm9BfDCn4tqP4W2RvhfXGQzOQHbJ
Score

10^/10

blackbasta defense_evasion discovery execution impact ransomware
- Black Basta
  A ransomware family targeting Windows and Linux ESXi first seen in February 2022.
  ransomware blackbasta
- Blackbasta family
  blackbasta
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware defense_evasion impact execution
behavioral1 behavioral2