General
-
Target
2a29806f2fe4302bc216d33ce1d96190f78f28e52f55cb9be8642497de72ea57
-
Size
606KB
-
Sample
240724-k7eldaybmm
-
MD5
1f9d222381433d27ec45ec155cca3668
-
SHA1
8f644d0abfe6d38e8ecd7c048e3dba9cec8556db
-
SHA256
2a29806f2fe4302bc216d33ce1d96190f78f28e52f55cb9be8642497de72ea57
-
SHA512
a5226d017b104a029f25ed29316188b27015610c4c89c5b1ab1347c2a894a8d3384b00d92042b3310abedb31489cfc1f12a1cb03e79fb04b6ffe7a9358b2bb86
-
SSDEEP
12288:p53pdZHQDhgZ3l+CiirtpYNRNPKGOYU/ErfUN+lkbBSoqol5vzjJXOa:p53rZSgZ3l+Arn+GYUKfUvbBSoq4hL
Static task
static1
Behavioral task
behavioral1
Sample
3d8713641264c41cd6784c5569c1447299fba88633070e40e70bb3ae2b4c5a4e.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
3d8713641264c41cd6784c5569c1447299fba88633070e40e70bb3ae2b4c5a4e.exe
Resource
win10v2004-20240709-en
Malware Config
Extracted
C:\ProgramData\readme.txt
https://aazsbsgya565vlu2c6bzy6yfiebkcbtvvcytvolt33s77xypi7nypxyd.onion/
Targets
-
-
Target
3d8713641264c41cd6784c5569c1447299fba88633070e40e70bb3ae2b4c5a4e.exe
-
Size
928KB
-
MD5
2dc4adf06247b4ed9031a53ef910626c
-
SHA1
789437e946b3e8d1ccd14ee70e42c7d89ba054b2
-
SHA256
3d8713641264c41cd6784c5569c1447299fba88633070e40e70bb3ae2b4c5a4e
-
SHA512
9e6eaa4b27e2d6bc1306c33e74465256fab086972680d3a0014cafca8f22bbf865ffaa0f81332ffef83287252faf2ca0c7f369d11412b19ffb57e8e72ea5e0ae
-
SSDEEP
24576:oUY29aeV/XqzB+qv6w8zJx/W2nz9dPOmX:oUYMPqzFvT8/W2nznP
-
Black Basta
A ransomware family targeting Windows and Linux ESXi first seen in February 2022.
-
Credentials from Password Stores: Credentials from Web Browsers
Malicious Access or copy of Web Browser Credential store.
-
Deletes shadow copies
Ransomware often targets backup files to inhibit system recovery.
-
Renames multiple (9678) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Credentials from Password Stores: Windows Credential Manager
Suspicious access to Credentials History.
-
Drops startup file
-
Drops desktop.ini file(s)
-
Sets desktop wallpaper using registry
-
MITRE ATT&CK Enterprise v15
Defense Evasion
Direct Volume Access
1Indicator Removal
2File Deletion
2Modify Registry
1Credential Access
Credentials from Password Stores
2Credentials from Web Browsers
1Windows Credential Manager
1Unsecured Credentials
1Credentials In Files
1