Extracted

• • Target

    df5b004be71717362e6b1ad22072f9ee4113b95b5d78c496a90857977a9fb415

  • Size

    949KB

  • MD5

    a292fee8d8db83711e72c06d6f82562d

  • SHA1

    82f88c1af036181ee4e92a2f9338c152d1ff0c58

  • SHA256

    df5b004be71717362e6b1ad22072f9ee4113b95b5d78c496a90857977a9fb415

  • SHA512

    50a63500809fdc218b3d1cdc2cf402261e1c2d63c6f66088c857b03f6c7e7165835f9959b9d8200541e6f69dd149bdc0f7c0a0801caaeccfe0a9807e7f8289f1

  • SSDEEP

    12288:RcOlvT7Zom3rITxaVDrd5vUa69Ghj91nlQocyW7/P6E4kKjqnes9PBVW/g:RDJJDbcJ90jtH0bP6ELVne2

  Score

  10^/10

  blackbastadefense_evasionexecutionimpactransomwarespywarestealer

  • Black Basta

    A ransomware family targeting Windows and Linux ESXi first seen in February 2022.

    ransomwareblackbasta

  • Deletes shadow copies

    Ransomware often targets backup files to inhibit system recovery.

    ransomwaredefense_evasionimpactexecution

  • Renames multiple (9529) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Drops desktop.ini file(s)

  behavioral1behavioral2