General
-
Target
723d1cf3d74fb3ce95a77ed9dff257a78c8af8e67a82963230dd073781074224
-
Size
1.4MB
-
Sample
240514-fm1kwsbf7x
-
MD5
6441d7260944bcedc5958c5c8a05d16d
-
SHA1
46257982840493eca90e051ff1749e7040895584
-
SHA256
723d1cf3d74fb3ce95a77ed9dff257a78c8af8e67a82963230dd073781074224
-
SHA512
af88fd3a0a2728c811be524feee575d8d2d9623b7944021c83173e40dbec6b1fbe7bea64dcdd8f1dbebc7d8df76b40e5c9647e2586316ea46ceb191ebcf14d89
-
SSDEEP
24576:1p2gwjk6ikYhJ9lvGnYZvy48/V33ck7LnBAyldFu8hod/Qodly:1AgxkmvGnYWccjBAwFadRd
Static task
static1
Behavioral task
behavioral1
Sample
723d1cf3d74fb3ce95a77ed9dff257a78c8af8e67a82963230dd073781074224.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
723d1cf3d74fb3ce95a77ed9dff257a78c8af8e67a82963230dd073781074224.exe
Resource
win10-20240404-en
Malware Config
Extracted
C:\Program Files (x86)\instructions_read_me.txt
blackbasta
https://bastad5huzwkepdixedg2gekg7jk22ato24zyllp6lnjx7wdtyctgvyd.onion/
Targets
-
-
Target
723d1cf3d74fb3ce95a77ed9dff257a78c8af8e67a82963230dd073781074224
-
Black Basta
A ransomware family targeting Windows and Linux ESXi first seen in February 2022.
-
Deletes shadow copies
Ransomware often targets backup files to inhibit system recovery.
-
Renames multiple (9654) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Adds Run key to start application
-
Drops desktop.ini file(s)
-