Extracted

• • Target

    b32daf27aa392d26bdf5faafbaae6b21cd6c918d461ff59f548a73d447a96dd9

  • Size

    5.8MB

  • MD5

    e7d5201947829fd265a0356771fbeb63

  • SHA1

    6c90b89aad04f38c584fcee1d47fed9cd79f8ef1

  • SHA256

    b32daf27aa392d26bdf5faafbaae6b21cd6c918d461ff59f548a73d447a96dd9

  • SHA512

    e3442ecebdb29ea722142f9a1a533b8fe6297b9e6923cf290cc3850287a864059bb17709ee03ce134f36d5e333a36a9c37345507a7f9fbd007ca8fbf89abce31

  • SSDEEP

    98304:yfUTMfcltw7HaqKN2A2lO8azKowdWr6z3h4q1KIqoS4aMTlcMmbFLOAkGkzdnEVk:2UiEsGE/r1R4q8IqoSP4cMmbFLOyomFI

  Score

  10^/10

  defense_evasionexecutionimpactpersistenceransomwareblackbastaspywarestealer

  • Black Basta

    A ransomware family targeting Windows and Linux ESXi first seen in February 2022.

    ransomwareblackbasta

  • Deletes shadow copies

    Ransomware often targets backup files to inhibit system recovery.

    ransomwaredefense_evasionimpactexecution

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Adds Run key to start application

    persistence

  • Drops desktop.ini file(s)

  behavioral1behavioral2