blackbasta | 38a5659c98ca7353b656e3542ec336a1e7ecab71febd35491344aca304275a0e

General

Target

38a5659c98ca7353b656e3542ec336a1e7ecab71febd35491344aca304275a0e.bin.sample
Size

827KB
Sample

241218-n5sl1axqey
MD5

5b46d0066316816969848f1f04632ca2
SHA1

1aea30bf9e320d0a75e9b4e059eada88319b2b59
SHA256

38a5659c98ca7353b656e3542ec336a1e7ecab71febd35491344aca304275a0e
SHA512

e37c0e7332202b3811e0ed476309206ed1812363ea775cbd30d2f4e4400a37b56d0d4d6aeb0c1fc6b1ddbe23a50a111f01c3c9498395a6f747c33cd06c3599af
SSDEEP

24576:N9ihT/zGeEfg/g0bmSZq1Fv7L4YiED8h:EGeEfgkSZq1FDkYiEgh

Score

10^/10

Malware Config

Extracted

Path

C:\Program Files\instructions_read_me.txt

Family

blackbasta

Ransom Note

ATTENTION! Your network has been breached and all data was encrypted. Please contact us at: https://bastad5huzwkepdixedg2gekg7jk22ato24zyllp6lnjx7wdtyctgvyd.onion/ Login ID: 797393f4-70a6-4638-818f-f6e2f15f8d5e *!* To access .onion websites download and install Tor Browser at: https://www.torproject.org/ (Tor Browser is not related to us) *!* To restore all your PCs and get your network working again, follow these instructions: - Any attempts to modify, decrypt or rename the files will lead to its fatal corruption. It doesn't matter, who are trying to do this, either it will be your IT guys or a recovery agency. Please follow these simple rules to avoid data corruption: - Do not modify, rename or delete files. Any attempts to modify, decrypt or rename the files will lead to its fatal corruption. - Do not hire a recovery company. They can't decrypt without the key. They also don't care about your business. They believe that they are good negotiators, but it is not. They usually fail. So speak for yourself. Waiting you in a chat.

URLs

https://bastad5huzwkepdixedg2gekg7jk22ato24zyllp6lnjx7wdtyctgvyd.onion/

Targets

- Target
  
  38a5659c98ca7353b656e3542ec336a1e7ecab71febd35491344aca304275a0e.bin.sample
- Size
  
  827KB
- MD5
  
  5b46d0066316816969848f1f04632ca2
- SHA1
  
  1aea30bf9e320d0a75e9b4e059eada88319b2b59
- SHA256
  
  38a5659c98ca7353b656e3542ec336a1e7ecab71febd35491344aca304275a0e
- SHA512
  
  e37c0e7332202b3811e0ed476309206ed1812363ea775cbd30d2f4e4400a37b56d0d4d6aeb0c1fc6b1ddbe23a50a111f01c3c9498395a6f747c33cd06c3599af
- SSDEEP
  
  24576:N9ihT/zGeEfg/g0bmSZq1Fv7L4YiED8h:EGeEfgkSZq1FDkYiEgh
Score

10^/10

blackbasta discovery ransomware
- Black Basta
  A ransomware family targeting Windows and Linux ESXi first seen in February 2022.
  ransomware blackbasta
- Blackbasta family
  blackbasta
- Renames multiple (6154) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Drops desktop.ini file(s)
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Black Basta

Blackbasta family

Renames multiple (6154) files with added filename extension

Drops desktop.ini file(s)

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2