General
Target: 86a4dd6be867846b251460d2a0874e6413589878d27f2c4482b54cec134cc737
Size: 1010KB
Sample: 240514-fm3egscb75
MD5: e4d9351749d5b713b3838ba7b1fe8060
SHA1: e1caf6484d899e7bb4d0c72e8bea8ff718ff073a
SHA256: 86a4dd6be867846b251460d2a0874e6413589878d27f2c4482b54cec134cc737
SHA512: ed422a357fa7bb4b03914490ec2a698854430296804218257c6be82982b3e8f0f405d8a0ad825deb40459a6043773da8bf3178125a1080846d257bff6efb2932
SSDEEP: 12288:6cQgkNceVMcpWYgeWYg955/155/DEbdit4+1WJm5nN0gJHrGx5w/A0z+TMJjAolK:6cDkNcAV5KOgZrGXw/AHTwjA6M
Static task: static1
Behavioral task: behavioral1
Sample: 86a4dd6be867846b251460d2a0874e6413589878d27f2c4482b54cec134cc737.dll
Resource: win7-20240508-en
Behavioral task: behavioral2
Sample: 86a4dd6be867846b251460d2a0874e6413589878d27f2c4482b54cec134cc737.dll
Resource: win10-20240404-en
Malware Config
Extracted
C:\Program Files\instructions_read_me.txt
blackbasta
https://bastad5huzwkepdixedg2gekg7jk22ato24zyllp6lnjx7wdtyctgvyd.onion/
Targets
Target: 86a4dd6be867846b251460d2a0874e6413589878d27f2c4482b54cec134cc737
Score: 10/10

Black Basta
A ransomware family targeting Windows and Linux ESXi first seen in February 2022.

Renames multiple (9728) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.

Drops desktop.ini file(s)