Extracted

• • Target

    462bbb8fd7be98129aa73efa91e2d88fa9cafc7b47431b8227d1957f5d0c8ba7

  • Size

    1018KB

  • MD5

    d50a3b60eb046c5d7bc6768bd3d7f1b9

  • SHA1

    7a33162908cba6678dc75d688da1f86b54849782

  • SHA256

    462bbb8fd7be98129aa73efa91e2d88fa9cafc7b47431b8227d1957f5d0c8ba7

  • SHA512

    0ff59614c5f1e118f02c5b895ffc574bee59fbec5a2b859dd970173765420ae16bb4db06ce8159dabca6304f5ced0a1e75afde15720eba3f3510e5f47fa14897

  • SSDEEP

    24576:FNmcuJVxZ02owfnvUo7cvx1Swcs/mpVs/DtnGgFg9voR:yDljHZsnHx/GctvFx

  Score

  10^/10

  blackbastadefense_evasionexecutionimpactransomwarespywarestealer

  • Black Basta

    A ransomware family targeting Windows and Linux ESXi first seen in February 2022.

    ransomwareblackbasta

  • Deletes shadow copies

    Ransomware often targets backup files to inhibit system recovery.

    ransomwaredefense_evasionimpactexecution

  • Renames multiple (9554) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Drops desktop.ini file(s)

  behavioral1behavioral2