Extracted

• • Target

    0a8297b274aeab986d6336b395b39b3af1bb00464cf5735d1ecdb506fef9098e

  • Size

    849KB

  • MD5

    403dee0dd3891459b22a8a37828b66b8

  • SHA1

    919c33adb648ce13ee8bd7c11bffbfd836936c00

  • SHA256

    0a8297b274aeab986d6336b395b39b3af1bb00464cf5735d1ecdb506fef9098e

  • SHA512

    8cab8ca9ff17c404d6e41358804daf0915713ad3e8e690457e2f9aab4014c894fd73e406aad8837ed8409be32315a4a0f3ef41795828d7447fde68c6fe9226f2

  • SSDEEP

    24576:TdxKSvB4i4sSnMIsBadfBZz4kIsPP3q7uL+gB+UtcMT:Jvei4sSEad5Zz4kIsPP34uL+gB++cW

  Score

  10^/10

  defense_evasionexecutionimpactransomwareblackbastaspywarestealer

  • Black Basta

    A ransomware family targeting Windows and Linux ESXi first seen in February 2022.

    ransomwareblackbasta

  • Deletes shadow copies

    Ransomware often targets backup files to inhibit system recovery.

    ransomwaredefense_evasionimpactexecution

  • Renames multiple (9479) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Drops desktop.ini file(s)

  behavioral1behavioral2