blackbasta | 0e1764a83668825f870143b5af13d9cc12bc55f3f264efe7bee4401b6133de83 | Triage

Submit
Reports

Overview

overview

Static

static

fda16dd1b5...a7.exe

windows7-x64

9

fda16dd1b5...a7.exe

windows10-2004-x64

7

Sharing

General

Target

9003711726.zip
Size

3.2MB
Sample

230206-scf5qaee38
MD5

4617b9d634b7a6d6c05837e50f1f9398
SHA1

0f3a3af4b8dc4b332b0b1988077c52b4e56e1a24
SHA256

0e1764a83668825f870143b5af13d9cc12bc55f3f264efe7bee4401b6133de83
SHA512

05836822b85c2c886e51011803cd353fd8936b7ccf6a4392f2c22d311fa8f79c8b6bf5f0d96690160f670d5e55c44b8c2fa0148e25daba2603efbcf2f4f2dd96
SSDEEP

98304:i7nyyVUBXI/NZqCwWC5pdq0D/C3a2QVLdCDe:0UICCy5pdqy/CgCDe

Score

10^/10

blackbasta blackmatter ransomware spyware stealer

Static task

static1

blackbasta blackmatter

3 signatures

Behavioral task

behavioral1

Sample

fda16dd1b56329042b632930171ef25be4a49d05b96cc2466ff9940c0807b1a7.exe

Resource

win7-20221111-en

ransomware spyware stealer

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

fda16dd1b56329042b632930171ef25be4a49d05b96cc2466ff9940c0807b1a7.exe

Resource

win10v2004-20220812-en

spyware stealer

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Targets

- Target
  
  fda16dd1b56329042b632930171ef25be4a49d05b96cc2466ff9940c0807b1a7
- Size
  
  10.6MB
- MD5
  
  9b0dbfe3b3e7cec4faa029e5197730ca
- SHA1
  
  9f7bb1ebfe4e69f817dc2bcf8613297ea84884ae
- SHA256
  
  fda16dd1b56329042b632930171ef25be4a49d05b96cc2466ff9940c0807b1a7
- SHA512
  
  3a3e741d302f1adeb0362e6d08a76279e60a91cc90ae4b8f6662236b4b572614ce8b5c2fed720af6f92243d30c1afc5d0640c22956dd149d97ee91d3e4e4c25f
- SSDEEP
  
  98304:+Lu1TIRtUOV5ZQ+5jZArLu1OWWqXpy05QP:+TRtBYk405QP
Score

9^/10

ransomware spyware stealer
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Drops autorun.inf file
  Malware can abuse Windows Autorun to spread further via attached volumes.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Replication Through Removable Media

Execution

Persistence

Privilege Escalation

Defense Evasion

File Deletion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Replication Through Removable Media

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Inhibit System Recovery

Tasks

static1

blackbastablackmatter

behavioral1

ransomwarespywarestealer

behavioral2

© 2018-2024

Terms | Privacy