Extracted

• • Target

    69192821f8ce4561cf9c9cb494a133584179116cb2e7409bea3e18901a1ca944

  • Size

    550KB

  • MD5

    e52aa8e50c0ccf883b7ab7f0c36bb878

  • SHA1

    f0ae322f5067b20ee89d9826dc806abdd610fb60

  • SHA256

    69192821f8ce4561cf9c9cb494a133584179116cb2e7409bea3e18901a1ca944

  • SHA512

    65e6b735a88a3ab6e4dad015c5de020756d9e60c38e48f71f7fa72a66586b172dccae79e9470d2424639d4ae2307acb187f2c8ae72c782ac5acce02fd9442c78

  • SSDEEP

    12288:lzymiDGnYdnieNfazSqBZg+30ki1+zB8NOUx:lBveNfazSshNi1UK

  Score

  10^/10

  blackbastadefense_evasionexecutionimpactransomwarespywarestealer

  • Black Basta

    A ransomware family targeting Windows and Linux ESXi first seen in February 2022.

    ransomwareblackbasta

  • Deletes shadow copies

    Ransomware often targets backup files to inhibit system recovery.

    ransomwaredefense_evasionimpactexecution

  • Renames multiple (9752) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware

  • Drops startup file

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Drops desktop.ini file(s)

  • Sets desktop wallpaper using registry

    ransomware
  behavioral1behavioral2