Overview

overview

10

Static

static

3

b.zip

windows10-ltsc 2021-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    b.zip

  • Size

    446KB

  • Sample

    241221-sn7f2ssjfp

  • MD5

    985b24da5760a2acb663944336ac96fa

  • SHA1

    5750ff42866f4ebf885c4eba2d346e656c19b1d0

  • SHA256

    b8463c09f968d938c4722febb7342f2e9babc2deba004f0945892ad297214b31

  • SHA512

    b1c1248390de5c847033fe3b098bfe257c296add90ad0ec2d885ccc7545ee9799e0cbf6e48402b87d361070af1c71ee13c0e90900f2679f99c2ba17cd4ea7009

  • SSDEEP

    12288:boutuJQIn872o78fwwHqo5C8nDDCLu/ou7I0ngv0Y:bhsJQo87QfUo5CkDOLr8bBY

Score
10/10
blackbastaransomware

Malware Config

Extracted

Path

C:\Program Files (x86)\instructions_read_me.txt

Family

blackbasta

Ransom Note
ATTENTION! Your network has been breached and all data was encrypted. Please contact us at: https://bastad5huzwkepdixedg2gekg7jk22ato24zyllp6lnjx7wdtyctgvyd.onion/ Login ID: 3dd718a3-db04-485f-b882-250349c8a4de *!* To access .onion websites download and install Tor Browser at: https://www.torproject.org/ (Tor Browser is not related to us) *!* To restore all your PCs and get your network working again, follow these instructions: - Any attempts to modify, decrypt or rename the files will lead to its fatal corruption. It doesn't matter, who are trying to do this, either it will be your IT guys or a recovery agency. Please follow these simple rules to avoid data corruption: - Do not modify, rename or delete files. Any attempts to modify, decrypt or rename the files will lead to its fatal corruption. - Do not hire a recovery company. They can't decrypt without the key. They also don't care about your business. They believe that they are good negotiators, but it is not. They usually fail. So speak for yourself. Waiting you in a chat.
URLs

https://bastad5huzwkepdixedg2gekg7jk22ato24zyllp6lnjx7wdtyctgvyd.onion/

Targets

    • Target

      b.zip

    • Size

      446KB

    • MD5

      985b24da5760a2acb663944336ac96fa

    • SHA1

      5750ff42866f4ebf885c4eba2d346e656c19b1d0

    • SHA256

      b8463c09f968d938c4722febb7342f2e9babc2deba004f0945892ad297214b31

    • SHA512

      b1c1248390de5c847033fe3b098bfe257c296add90ad0ec2d885ccc7545ee9799e0cbf6e48402b87d361070af1c71ee13c0e90900f2679f99c2ba17cd4ea7009

    • SSDEEP

      12288:boutuJQIn872o78fwwHqo5C8nDDCLu/ou7I0ngv0Y:bhsJQo87QfUo5CkDOLr8bBY

    Score
    10/10
    blackbastaransomware

    • Black Basta

      A ransomware family targeting Windows and Linux ESXi first seen in February 2022.

      ransomwareblackbasta

    • Blackbasta family

      blackbasta

    • Renames multiple (3444) files with added filename extension

      This suggests ransomware activity of encrypting all the files on the system.

      ransomware

    • Loads dropped DLL

    behavioral1

MITRE ATT&CK Matrix

Tasks