General
Target: 17205c43189c22dfcb278f5cc45c2562f622b0b6280dcd43cc1d3c274095eb90.exe
Size: 636KB
Sample: 230731-q9shxahc6s
MD5: 267d5c3137d313ce1a86c2f255a835e6
SHA1: c7a37c0edeffd23777cca44f9b49076be1bd43e6
SHA256: 17205c43189c22dfcb278f5cc45c2562f622b0b6280dcd43cc1d3c274095eb90
SHA512: 9c119a9f973dae77f2cdd6a855ae45c20660aadc5c592f6d06f6360dd0bb5a380d0ed1fcc23c0cb721da70bcca7d32db46181be675bf0587276d35d6da26a31e
SSDEEP: 12288:aEky5bwpy02iRaeXCP2CIcdoKAXMr+Mr+kJZ4:j02iRaeHPcdo18rTrf6
Static task: static1
Behavioral task: behavioral1
Sample: 17205c43189c22dfcb278f5cc45c2562f622b0b6280dcd43cc1d3c274095eb90.exe
Resource: win7-20230712-en
Behavioral task: behavioral2
Sample: 17205c43189c22dfcb278f5cc45c2562f622b0b6280dcd43cc1d3c274095eb90.exe
Resource: win10v2004-20230703-en
Malware Config
Extracted
C:\Users\Admin\Desktop\readme.txt
blackbasta
https://aazsbsgya565vlu2c6bzy6yfiebkcbtvvcytvolt33s77xypi7nypxyd.onion:80/
Targets
Score: 10/10
Black Basta
A ransomware family targeting Windows and Linux ESXi first seen in February 2022.
-
Renames multiple (2089) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Renames multiple (743) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Loads dropped DLL
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Sets desktop wallpaper using registry
-