General
-
Target
ae7c868713e1d02b4db60128c651eb1e3f6a33c02544cc4cb57c3aa6c6581b6e.exe
-
Size
543KB
-
Sample
230521-hhcz5sgf34
-
MD5
53fdeb923b1890d29b8f29da77995938
-
SHA1
a996ccd0d58125bf299e89f4c03ff37afdab33fc
-
SHA256
ae7c868713e1d02b4db60128c651eb1e3f6a33c02544cc4cb57c3aa6c6581b6e
-
SHA512
7c78e880f3d2dfc163625ff3d0b4676aa6a083dbbeac270520679f6b21d1c449c5af720ca7b9a68b5b3309e2de8d586cfed5d9b3a78d006e6d981a1aaf88c535
-
SSDEEP
12288:M1DTMHixr1moQqUiXINDl/m1s6BQio67VlAU:AzmoQqUiXw2s6yiVxR
Behavioral task
behavioral1
Sample
ae7c868713e1d02b4db60128c651eb1e3f6a33c02544cc4cb57c3aa6c6581b6e.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
ae7c868713e1d02b4db60128c651eb1e3f6a33c02544cc4cb57c3aa6c6581b6e.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
C:\Program Files\readme.txt
https://aazsbsgya565vlu2c6bzy6yfiebkcbtvvcytvolt33s77xypi7nypxyd.onion:80/
Targets
-
-
Target
ae7c868713e1d02b4db60128c651eb1e3f6a33c02544cc4cb57c3aa6c6581b6e.exe
-
Size
543KB
-
MD5
53fdeb923b1890d29b8f29da77995938
-
SHA1
a996ccd0d58125bf299e89f4c03ff37afdab33fc
-
SHA256
ae7c868713e1d02b4db60128c651eb1e3f6a33c02544cc4cb57c3aa6c6581b6e
-
SHA512
7c78e880f3d2dfc163625ff3d0b4676aa6a083dbbeac270520679f6b21d1c449c5af720ca7b9a68b5b3309e2de8d586cfed5d9b3a78d006e6d981a1aaf88c535
-
SSDEEP
12288:M1DTMHixr1moQqUiXINDl/m1s6BQio67VlAU:AzmoQqUiXw2s6yiVxR
Score10/10-
Black Basta
A ransomware family targeting Windows and Linux ESXi first seen in February 2022.
-
Renames multiple (1151) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Renames multiple (3534) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Sets desktop wallpaper using registry
-