Overview

overview

10

Static

static

3

blackbasta.exe

windows7-x64

10

blackbasta.exe

windows10-2004-x64

8

Resubmissions

29-04-2023 00:04

230429-acrx4sah5x 10

28-04-2023 15:19

230428-sp6wxaeh54 8

Analysis

  • max time kernel
    149s
  • max time network
    147s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
  • submitted
    29-04-2023 00:04

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    blackbasta.exe

  • Size

    636KB

  • MD5

    267d5c3137d313ce1a86c2f255a835e6

  • SHA1

    c7a37c0edeffd23777cca44f9b49076be1bd43e6

  • SHA256

    17205c43189c22dfcb278f5cc45c2562f622b0b6280dcd43cc1d3c274095eb90

  • SHA512

    9c119a9f973dae77f2cdd6a855ae45c20660aadc5c592f6d06f6360dd0bb5a380d0ed1fcc23c0cb721da70bcca7d32db46181be675bf0587276d35d6da26a31e

  • SSDEEP

    12288:aEky5bwpy02iRaeXCP2CIcdoKAXMr+Mr+kJZ4:j02iRaeHPcdo18rTrf6

Score
8/10
ransomwarespywarestealer

Malware Config

Signatures

  • Modifies extensions of user files 10 IoCs

    Ransomware generally changes the extension on encrypted files.

    ransomware
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Sets desktop wallpaper using registry 2 TTPs 1 IoCs
    ransomware
  • Drops file in Program Files directory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\blackbasta.exe
    "C:\Users\Admin\AppData\Local\Temp\blackbasta.exe"
    1⤵
    • Modifies extensions of user files
    • Sets desktop wallpaper using registry
    • Drops file in Program Files directory
    PID:4280

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads