General

  • Target

    892bb04889678134fbdde62d573eef1274c328b4e216ea7dc17ed0065fe8be37

  • Size

    264KB

  • Sample

    240417-rhv1dsbc59

  • MD5

    a71d04c2747fe7ee42bd4b61704336ee

  • SHA1

    849140b6906cb36e3783cb8670d25a959403d17b

  • SHA256

    892bb04889678134fbdde62d573eef1274c328b4e216ea7dc17ed0065fe8be37

  • SHA512

    14de30f7adb95831fd9c3201401b2f8b17c93e1a0c2dfa6d0f6ecd23585b9a1155e40620c5470e0302635624d631eeb0c5e6c95654ceca0a0d5edc9a54fcd5ce

  • SSDEEP

    3072:24L2m+7eL4SOcZ27ZZaxj55VWN87EBK4d5XHN9tUHdohJ4uQq3BGdFWRJkaA2:262m+7CZGWF55bE40pxU9odQqxZJc2

Malware Config

Extracted

Path

C:\Program Files\readme.txt

Ransom Note

Your data are stolen and encrypted. The data will be published on TOR website if you do not pay the ransom. You can contact us and decrypt one file for free on this TOR site (you should download and install TOR browser first: https://torproject.org): https://aazsbsgya565vlu2c6bzy6yfiebkcbtvvcytvolt33s77xypi7nypxyd.onion:80/ Your company id for log in: ba7a7058-3531-4b67-bae6-d602e9110361
URLs

https://aazsbsgya565vlu2c6bzy6yfiebkcbtvvcytvolt33s77xypi7nypxyd.onion:80/

Targets

    • Target

      ae7c868713e1d02b4db60128c651eb1e3f6a33c02544cc4cb57c3aa6c6581b6e.exe

    • Size

      543KB

    • MD5

      53fdeb923b1890d29b8f29da77995938

    • SHA1

      a996ccd0d58125bf299e89f4c03ff37afdab33fc

    • SHA256

      ae7c868713e1d02b4db60128c651eb1e3f6a33c02544cc4cb57c3aa6c6581b6e

    • SHA512

      7c78e880f3d2dfc163625ff3d0b4676aa6a083dbbeac270520679f6b21d1c449c5af720ca7b9a68b5b3309e2de8d586cfed5d9b3a78d006e6d981a1aaf88c535

    • SSDEEP

      12288:M1DTMHixr1moQqUiXINDl/m1s6BQio67VlAU:AzmoQqUiXw2s6yiVxR

    • Black Basta

      A ransomware family targeting Windows and Linux ESXi hosts, first seen in February 2022.

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

    • Renames multiple (9584) files with added filename extension

      This suggests ransomware activity of encrypting all the files on the system.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Drops desktop.ini file(s)

    • Sets desktop wallpaper using registry

MITRE ATT&CK Enterprise v15

Tasks