blackbasta | ff244b6459bdc8bb0b5680b6443b23632e7c49b308bca77e31ba122dd9ce982f

General

Target

ff244b6459bdc8bb0b5680b6443b23632e7c49b308bca77e31ba122dd9ce982f.bin.sample
Size

800KB
Sample

241218-n3gfysypgm
MD5

484ce9a2cbea334e811fece169c5aeeb
SHA1

cdbd48dad8df8d3ab0842e72dac96a20c3e08823
SHA256

ff244b6459bdc8bb0b5680b6443b23632e7c49b308bca77e31ba122dd9ce982f
SHA512

586d63a61603c9a0b6a9f1e441645e1f6aaeb5b8387fe74b28a18c64d63a81a1d5740ba79ace29368a35f5e8c55670aff239ef43f8f7fba68c005da589eab64b
SSDEEP

12288:tVLOFSM++OeO+OeNhBBhhBBhlJ2//R18nBIs0I3cHGzVylK7Nb0tq0mxHu84NeKQ:tNOFSmKqEI3cHGzVylK7Nb0U1Hu8Wp

Score

10^/10

Malware Config

Extracted

Path

C:\Program Files\instructions_read_me.txt

Family

blackbasta

Ransom Note

ATTENTION! Your network has been breached and all data was encrypted. Please contact us at: https://bastad5huzwkepdixedg2gekg7jk22ato24zyllp6lnjx7wdtyctgvyd.onion/ Login ID: 47077447-19df-413b-be30-0651ae4bee39 *!* To access .onion websites download and install Tor Browser at: https://www.torproject.org/ (Tor Browser is not related to us) *!* To restore all your PCs and get your network working again, follow these instructions: - Any attempts to modify, decrypt or rename the files will lead to its fatal corruption. It doesn't matter, who are trying to do this, either it will be your IT guys or a recovery agency. Please follow these simple rules to avoid data corruption: - Do not modify, rename or delete files. Any attempts to modify, decrypt or rename the files will lead to its fatal corruption. - Do not hire a recovery company. They can't decrypt without the key. They also don't care about your business. They believe that they are good negotiators, but it is not. They usually fail. So speak for yourself. Waiting you in a chat.

URLs

https://bastad5huzwkepdixedg2gekg7jk22ato24zyllp6lnjx7wdtyctgvyd.onion/

Targets

- Target
  
  ff244b6459bdc8bb0b5680b6443b23632e7c49b308bca77e31ba122dd9ce982f.bin.sample
- Size
  
  800KB
- MD5
  
  484ce9a2cbea334e811fece169c5aeeb
- SHA1
  
  cdbd48dad8df8d3ab0842e72dac96a20c3e08823
- SHA256
  
  ff244b6459bdc8bb0b5680b6443b23632e7c49b308bca77e31ba122dd9ce982f
- SHA512
  
  586d63a61603c9a0b6a9f1e441645e1f6aaeb5b8387fe74b28a18c64d63a81a1d5740ba79ace29368a35f5e8c55670aff239ef43f8f7fba68c005da589eab64b
- SSDEEP
  
  12288:tVLOFSM++OeO+OeNhBBhhBBhlJ2//R18nBIs0I3cHGzVylK7Nb0tq0mxHu84NeKQ:tNOFSmKqEI3cHGzVylK7Nb0U1Hu8Wp
Score

10^/10

blackbasta discovery ransomware
- Black Basta
  A ransomware family targeting Windows and Linux ESXi first seen in February 2022.
  ransomware blackbasta
- Blackbasta family
  blackbasta
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Black Basta

Blackbasta family

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2