Overview

overview

10

Static

static

3

ad04b4b8eb...in.exe

windows7-x64

10

ad04b4b8eb...in.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ad04b4b8eb9fe76ba316335769d5de3d3c221dec5c5506c984a5ba77c2492c0a.bin.sample

  • Size

    890KB

  • Sample

    241218-n45j6syqdj

  • MD5

    890962e6b129a2fbd5d7c56fedc68f3f

  • SHA1

    cae5a763110d1802385a537c5fd7cca5500a1811

  • SHA256

    ad04b4b8eb9fe76ba316335769d5de3d3c221dec5c5506c984a5ba77c2492c0a

  • SHA512

    501c501029f2749e9ed787440934ecdd2808e8d707f07d65d7c4a6d3659cdd46200796501ef67ab35f98d4f315469e45ca20fa61212757662951b0cc60007a63

  • SSDEEP

    24576:weMarHAeGkDHFQ2M0Z9MuOQT7sh8/JLVjk:GeGwHF19MuOQchgJLVjk

Score
10/10
blackbastadefense_evasiondiscoveryexecutionimpactpersistenceransomware

Malware Config

Extracted

Path

C:\Program Files\instructions_read_me.txt

Family

blackbasta

Ransom Note
ATTENTION! Your network has been breached and all data was encrypted. Please contact us at: https://bastad5huzwkepdixedg2gekg7jk22ato24zyllp6lnjx7wdtyctgvyd.onion/ Login ID: 51095f05-2bb8-4b46-9d85-83610c65bdc2 *!* To access .onion websites download and install Tor Browser at: https://www.torproject.org/ (Tor Browser is not related to us) *!* To restore all your PCs and get your network working again, follow these instructions: - Any attempts to modify, decrypt or rename the files will lead to its fatal corruption. It doesn't matter, who are trying to do this, either it will be your IT guys or a recovery agency. Please follow these simple rules to avoid data corruption: - Do not modify, rename or delete files. Any attempts to modify, decrypt or rename the files will lead to its fatal corruption. - Do not hire a recovery company. They can't decrypt without the key. They also don't care about your business. They believe that they are good negotiators, but it is not. They usually fail. So speak for yourself. Waiting you in a chat.
URLs

https://bastad5huzwkepdixedg2gekg7jk22ato24zyllp6lnjx7wdtyctgvyd.onion/

Targets

    • Target

      ad04b4b8eb9fe76ba316335769d5de3d3c221dec5c5506c984a5ba77c2492c0a.bin.sample

    • Size

      890KB

    • MD5

      890962e6b129a2fbd5d7c56fedc68f3f

    • SHA1

      cae5a763110d1802385a537c5fd7cca5500a1811

    • SHA256

      ad04b4b8eb9fe76ba316335769d5de3d3c221dec5c5506c984a5ba77c2492c0a

    • SHA512

      501c501029f2749e9ed787440934ecdd2808e8d707f07d65d7c4a6d3659cdd46200796501ef67ab35f98d4f315469e45ca20fa61212757662951b0cc60007a63

    • SSDEEP

      24576:weMarHAeGkDHFQ2M0Z9MuOQT7sh8/JLVjk:GeGwHF19MuOQchgJLVjk

    Score
    10/10
    blackbastadefense_evasiondiscoveryexecutionimpactpersistenceransomware

    • Black Basta

      A ransomware family targeting Windows and Linux ESXi first seen in February 2022.

      ransomwareblackbasta

    • Blackbasta family

      blackbasta

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

      ransomwaredefense_evasionimpactexecution

    • Renames multiple (3838) files with added filename extension

      This suggests ransomware activity of encrypting all the files on the system.

      ransomware

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks