Extracted

• • Target

    2024-04-17_4d9374c7352452ff60805fd2026288ef_magniber

  • Size

    1.7MB

  • MD5

    4d9374c7352452ff60805fd2026288ef

  • SHA1

    51408ccb2074ef28a8f5342074047afa0dfca40f

  • SHA256

    58edd2a0980b15f7fc6c892011751a30c134757142a54c2cedcbba4af2cbf855

  • SHA512

    992621093ecccc2facdad80e28da361f7e6d9fe296d398c061095127f5713a3c18ef6cf971aa7b52d5b1ef87253edf654feb2fc67ad722c89a8195dbb4b8adf9

  • SSDEEP

    49152:jPNi7z6QzqIStJV/GYZ1zkm5BUm9SFadRd:jPNiX6QzqISppZ1zlSUdRd

  Score

  10^/10

  blackbastapersistenceransomware

  • Black Basta

    A ransomware family targeting Windows and Linux ESXi first seen in February 2022.

    ransomwareblackbasta

  • Deletes shadow copies

    Ransomware often targets backup files to inhibit system recovery.

    ransomware

  • Detects command variations typically used by ransomware

  • Renames multiple (4213) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware

  • Adds Run key to start application

    persistence
  behavioral1behavioral2