General

  • Target

    5d2204f3a20e163120f52a2e3595db19890050b2faa96c6cba6b094b0a52b0aa

  • Size

    563KB

  • Sample

    220426-y4d3bsaadq

  • MD5

    3f400f30415941348af21d515a2fc6a3

  • SHA1

    bd0bf9c987288ca434221d7d81c54a47e913600a

  • SHA256

    5d2204f3a20e163120f52a2e3595db19890050b2faa96c6cba6b094b0a52b0aa

  • SHA512

    0d4c3ee8807bbbf635ce2d1ce1b747c23cc2724ff999580169e5514c7c97109083bea169bd6a5f8be35f3b679bb8446839fcc7a38f78503658eda306bec69154

  • SSDEEP

    12288:TFx0B/O7JxPzW9JPlHKtxYRkG7zLfpXE6SbJ:Rx7zW9JPlGskG1v

Malware Config

Targets

    • Target

      5d2204f3a20e163120f52a2e3595db19890050b2faa96c6cba6b094b0a52b0aa

    • Size

      563KB

    • MD5

      3f400f30415941348af21d515a2fc6a3

    • SHA1

      bd0bf9c987288ca434221d7d81c54a47e913600a

    • SHA256

      5d2204f3a20e163120f52a2e3595db19890050b2faa96c6cba6b094b0a52b0aa

    • SHA512

      0d4c3ee8807bbbf635ce2d1ce1b747c23cc2724ff999580169e5514c7c97109083bea169bd6a5f8be35f3b679bb8446839fcc7a38f78503658eda306bec69154

    • SSDEEP

      12288:TFx0B/O7JxPzW9JPlHKtxYRkG7zLfpXE6SbJ:Rx7zW9JPlGskG1v

    • Black Basta

      A ransomware family targeting Windows and Linux ESXi first seen in February 2022.

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

    • Modifies boot configuration data using bcdedit

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Sets desktop wallpaper using registry

MITRE ATT&CK Matrix ATT&CK v6

Defense Evasion

File Deletion

2
T1107

Modify Registry

1
T1112

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Impact

Inhibit System Recovery

3
T1490

Defacement

1
T1491

Tasks