blackbasta | 5549e8943fcb60643dc032765675bc486cb7f2f2603d8399ae3946df08b0be84

General

Target

5549e8943fcb60643dc032765675bc486cb7f2f2603d8399ae3946df08b0be84.bin.sample
Size

828KB
Sample

241218-np26haykek
MD5

c6fc90e5ff451a319ca1cb857ffd3800
SHA1

21912a61a881ab758f2e176f93ab64ca446951ca
SHA256

5549e8943fcb60643dc032765675bc486cb7f2f2603d8399ae3946df08b0be84
SHA512

8a79174ca59a8c53d6f5e820f068abb9e2afa24c1f47ac46fc5325a9b612e1365711373eb34fe55141cc65adc560712296b03facc6cf2d6408059d28e6e6f5f3
SSDEEP

12288:4FTfM3+OeO+OeNhBBhhBBd1hzUGvXWoCwUA39w0b6lSydVuYMuOBb70BszJo1Wbz:41f71VXUA39w0b4SydVVGkUJo4OnLs

Score

10^/10

Malware Config

Extracted

Path

C:\Program Files\instructions_read_me.txt

Family

blackbasta

Ransom Note

ATTENTION! Your network has been breached and all data was encrypted. Please contact us at: https://bastad5huzwkepdixedg2gekg7jk22ato24zyllp6lnjx7wdtyctgvyd.onion/ Login ID: 3b08e21a-8245-485a-85e4-9130f3fa94fd *!* To access .onion websites download and install Tor Browser at: https://www.torproject.org/ (Tor Browser is not related to us) *!* To restore all your PCs and get your network working again, follow these instructions: - Any attempts to modify, decrypt or rename the files will lead to its fatal corruption. It doesn't matter, who are trying to do this, either it will be your IT guys or a recovery agency. Please follow these simple rules to avoid data corruption: - Do not modify, rename or delete files. Any attempts to modify, decrypt or rename the files will lead to its fatal corruption. - Do not hire a recovery company. They can't decrypt without the key. They also don't care about your business. They believe that they are good negotiators, but it is not. They usually fail. So speak for yourself. Waiting you in a chat.

URLs

https://bastad5huzwkepdixedg2gekg7jk22ato24zyllp6lnjx7wdtyctgvyd.onion/

Targets

- Target
  
  5549e8943fcb60643dc032765675bc486cb7f2f2603d8399ae3946df08b0be84.bin.sample
- Size
  
  828KB
- MD5
  
  c6fc90e5ff451a319ca1cb857ffd3800
- SHA1
  
  21912a61a881ab758f2e176f93ab64ca446951ca
- SHA256
  
  5549e8943fcb60643dc032765675bc486cb7f2f2603d8399ae3946df08b0be84
- SHA512
  
  8a79174ca59a8c53d6f5e820f068abb9e2afa24c1f47ac46fc5325a9b612e1365711373eb34fe55141cc65adc560712296b03facc6cf2d6408059d28e6e6f5f3
- SSDEEP
  
  12288:4FTfM3+OeO+OeNhBBhhBBd1hzUGvXWoCwUA39w0b6lSydVuYMuOBb70BszJo1Wbz:41f71VXUA39w0b4SydVVGkUJo4OnLs
Score

10^/10

blackbasta discovery ransomware
- Black Basta
  A ransomware family targeting Windows and Linux ESXi first seen in February 2022.
  ransomware blackbasta
- Blackbasta family
  blackbasta
- Renames multiple (2228) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Black Basta

Blackbasta family

Renames multiple (2228) files with added filename extension

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2