Extracted

• • Target

    e28188e516db1bda9015c30de59a2e91996b67c2e2b44989a6b0f562577fd757

  • Size

    681KB

  • MD5

    59db7bd22d4ec503b768ece646205c27

  • SHA1

    ff57cda4829978d8b6f7f1f31356f291b37acaa6

  • SHA256

    e28188e516db1bda9015c30de59a2e91996b67c2e2b44989a6b0f562577fd757

  • SHA512

    d35708f7d53998917fc66a74f5ec158cc3726fa9f3035c3e13fca4fa38c66a18839b156281f21ad80e92537e7ba052fb64ce6a6bda62f0d6e955db78191e522c

  • SSDEEP

    12288:lMJYSP5VV3VG7rYyPT+p/VYXMJ8oD536bGIqs7GBvw0QygfmHp:lMVj3IXYETQV1XD5VIZ7GOg1J

  Score

  10^/10

  defense_evasionexecutionimpactransomwareblackbastaspywarestealer

  • Black Basta

    A ransomware family targeting Windows and Linux ESXi first seen in February 2022.

    ransomwareblackbasta

  • Deletes shadow copies

    Ransomware often targets backup files to inhibit system recovery.

    ransomwaredefense_evasionimpactexecution

  • Renames multiple (9449) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Drops desktop.ini file(s)

  behavioral1behavioral2