blackbasta | 645a18f737bd6d810a48c4a47ace62c196eb1ef285f8ca9bea6218b312fff16e

General

Target

645a18f737bd6d810a48c4a47ace62c196eb1ef285f8ca9bea6218b312fff16e.bin.sample
Size

827KB
Sample

241218-n4n77axqby
MD5

da7e741665f826e9fac561410ab75244
SHA1

1a81649e218cc9fc1033573c3c4dbd27a6eb36fb
SHA256

645a18f737bd6d810a48c4a47ace62c196eb1ef285f8ca9bea6218b312fff16e
SHA512

f91c7711dbc394d0e42ba50528d098ec58b2aac5e72a044fea75b4e082e49aca3c5ef9fea086a3dc96136e1a531de7c124998c9f1e17efae0e51e165fc909cd2
SSDEEP

12288:VETfM3+OeO+OeNhBBhhBBd1hzUGvXWoCwUA39w0b6lSydVuYMuOBb70BszJo1WTM:VKf71VXUA39w0b4SydVVGkUJo4fvLs

Score

10^/10

Malware Config

Extracted

Path

C:\Program Files\instructions_read_me.txt

Family

blackbasta

Ransom Note

ATTENTION! Your network has been breached and all data was encrypted. Please contact us at: https://bastad5huzwkepdixedg2gekg7jk22ato24zyllp6lnjx7wdtyctgvyd.onion/ Login ID: 66a531a8-86fe-42cf-8a02-0d7e139cfbe2 *!* To access .onion websites download and install Tor Browser at: https://www.torproject.org/ (Tor Browser is not related to us) *!* To restore all your PCs and get your network working again, follow these instructions: - Any attempts to modify, decrypt or rename the files will lead to its fatal corruption. It doesn't matter, who are trying to do this, either it will be your IT guys or a recovery agency. Please follow these simple rules to avoid data corruption: - Do not modify, rename or delete files. Any attempts to modify, decrypt or rename the files will lead to its fatal corruption. - Do not hire a recovery company. They can't decrypt without the key. They also don't care about your business. They believe that they are good negotiators, but it is not. They usually fail. So speak for yourself. Waiting you in a chat.

URLs

https://bastad5huzwkepdixedg2gekg7jk22ato24zyllp6lnjx7wdtyctgvyd.onion/

Targets

- Target
  
  645a18f737bd6d810a48c4a47ace62c196eb1ef285f8ca9bea6218b312fff16e.bin.sample
- Size
  
  827KB
- MD5
  
  da7e741665f826e9fac561410ab75244
- SHA1
  
  1a81649e218cc9fc1033573c3c4dbd27a6eb36fb
- SHA256
  
  645a18f737bd6d810a48c4a47ace62c196eb1ef285f8ca9bea6218b312fff16e
- SHA512
  
  f91c7711dbc394d0e42ba50528d098ec58b2aac5e72a044fea75b4e082e49aca3c5ef9fea086a3dc96136e1a531de7c124998c9f1e17efae0e51e165fc909cd2
- SSDEEP
  
  12288:VETfM3+OeO+OeNhBBhhBBd1hzUGvXWoCwUA39w0b6lSydVuYMuOBb70BszJo1WTM:VKf71VXUA39w0b4SydVVGkUJo4fvLs
Score

10^/10

blackbasta discovery ransomware
- Black Basta
  A ransomware family targeting Windows and Linux ESXi first seen in February 2022.
  ransomware blackbasta
- Blackbasta family
  blackbasta
- Renames multiple (4347) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Black Basta

Blackbasta family

Renames multiple (4347) files with added filename extension

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2