blackbasta | 9635c91adf7f8ee699b4b1b63d7342f3c732dfea9896cc0a67d9789b08577b5f | Triage

Submit
Reports

Overview

overview

Static

static

1

rufus.exe

windows7-x64

rufus.exe

windows10-2004-x64

Sharing

General

Target

rufus.exe
Size

1.2MB
Sample

230807-zhk47ahd28
MD5

9b46fd720844076511d94496aac2b47f
SHA1

5be995e55f304e753116c5d38bac665a51539ebd
SHA256

9635c91adf7f8ee699b4b1b63d7342f3c732dfea9896cc0a67d9789b08577b5f
SHA512

2eb03c14a9824fc941073433921a984f34d82025544fc933bcdbc0ba4eb031e827eea178297cd3af9ad56cd806acbea5d69b9faa033a56c16b8e01d608b18730
SSDEEP

24576:oU1QcXKGCqN80AkGDU77N973AiZza4Wm7ZgqvenydUCAxik:oUNxH7N9zAV6YxP

Score

10^/10

blackbasta evasion ransomware

Static task

static1

Behavioral task

behavioral1

Sample

rufus.exe

Resource

win7-20230712-en

blackbasta ransomware

windows7-x64

5 signatures

150 seconds

Behavioral task

behavioral2

Sample

rufus.exe

Resource

win10v2004-20230703-en

blackbasta evasion ransomware

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Targets

- Target
  
  rufus.exe
- Size
  
  1.2MB
- MD5
  
  9b46fd720844076511d94496aac2b47f
- SHA1
  
  5be995e55f304e753116c5d38bac665a51539ebd
- SHA256
  
  9635c91adf7f8ee699b4b1b63d7342f3c732dfea9896cc0a67d9789b08577b5f
- SHA512
  
  2eb03c14a9824fc941073433921a984f34d82025544fc933bcdbc0ba4eb031e827eea178297cd3af9ad56cd806acbea5d69b9faa033a56c16b8e01d608b18730
- SSDEEP
  
  24576:oU1QcXKGCqN80AkGDU77N973AiZza4Wm7ZgqvenydUCAxik:oUNxH7N9zAV6YxP
Score

10^/10

blackbasta ransomware evasion
- Black Basta
  A ransomware family targeting Windows and Linux ESXi first seen in February 2022.
  ransomware blackbasta
- Black Basta payload
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Modifies boot configuration data using bcdedit
  ransomware evasion
- Sets desktop wallpaper using registry
  ransomware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Indicator Removal

File Deletion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Defacement

Inhibit System Recovery

Tasks

static1

behavioral1

blackbastaransomware

behavioral2

blackbastaevasionransomware

© 2018-2024

Terms | Privacy