blackbasta | 764b1117262d33f0a69b4f4c72fad607b7c71c262f60b9b2b35a21e7f4967786

General

Target

764b1117262d33f0a69b4f4c72fad607b7c71c262f60b9b2b35a21e7f4967786.bin.sample
Size

1023KB
Sample

241218-n6scmaxqhz
MD5

08378cd36fdbf69dba24d14393ad564d
SHA1

c698e08ff114499e9fecf39fcbf23f652f1cdad8
SHA256

764b1117262d33f0a69b4f4c72fad607b7c71c262f60b9b2b35a21e7f4967786
SHA512

ef831fc12ad4831e180c9e5e9babbf1a2d8675a918992fc6f5306447b30e12de63e5034124e31a2d9517db4322e7aaf4a01cecf3239f2c6f6d459358849ef197
SSDEEP

12288:jbXTgrBCnMCz5WYgeWYg955/155/UqgFUHx2lvyRJbhLvTcT+sqnhDik2BBD+/rF:jbTgrBCnjzgsKrd7m4+OmMlaT2BZSP2

Score

10^/10

blackbasta ransomware

Malware Config

Extracted

Path

C:\Program Files\instructions_read_me.txt

Family

blackbasta

Ransom Note

ATTENTION! Your network has been breached and all data was encrypted. Please contact us at: https://bastad5huzwkepdixedg2gekg7jk22ato24zyllp6lnjx7wdtyctgvyd.onion/ Login ID: 3dd718a3-db04-485f-b882-250349c8a4de *!* To access .onion websites download and install Tor Browser at: https://www.torproject.org/ (Tor Browser is not related to us) *!* To restore all your PCs and get your network working again, follow these instructions: - Any attempts to modify, decrypt or rename the files will lead to its fatal corruption. It doesn't matter, who are trying to do this, either it will be your IT guys or a recovery agency. Please follow these simple rules to avoid data corruption: - Do not modify, rename or delete files. Any attempts to modify, decrypt or rename the files will lead to its fatal corruption. - Do not hire a recovery company. They can't decrypt without the key. They also don't care about your business. They believe that they are good negotiators, but it is not. They usually fail. So speak for yourself. Waiting you in a chat.

URLs

https://bastad5huzwkepdixedg2gekg7jk22ato24zyllp6lnjx7wdtyctgvyd.onion/

Targets

- Target
  
  764b1117262d33f0a69b4f4c72fad607b7c71c262f60b9b2b35a21e7f4967786.bin.sample
- Size
  
  1023KB
- MD5
  
  08378cd36fdbf69dba24d14393ad564d
- SHA1
  
  c698e08ff114499e9fecf39fcbf23f652f1cdad8
- SHA256
  
  764b1117262d33f0a69b4f4c72fad607b7c71c262f60b9b2b35a21e7f4967786
- SHA512
  
  ef831fc12ad4831e180c9e5e9babbf1a2d8675a918992fc6f5306447b30e12de63e5034124e31a2d9517db4322e7aaf4a01cecf3239f2c6f6d459358849ef197
- SSDEEP
  
  12288:jbXTgrBCnMCz5WYgeWYg955/155/UqgFUHx2lvyRJbhLvTcT+sqnhDik2BBD+/rF:jbTgrBCnjzgsKrd7m4+OmMlaT2BZSP2
Score

10^/10

blackbasta ransomware
- Black Basta
  A ransomware family targeting Windows and Linux ESXi first seen in February 2022.
  ransomware blackbasta
- Blackbasta family
  blackbasta
- Renames multiple (1573) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Black Basta

Blackbasta family

Renames multiple (1573) files with added filename extension

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2