General

  • Target

    tmp9_c0xj_s

  • Size

    563KB

  • Sample

    240820-ptt65asape

  • MD5

    3f400f30415941348af21d515a2fc6a3

  • SHA1

    bd0bf9c987288ca434221d7d81c54a47e913600a

  • SHA256

    5d2204f3a20e163120f52a2e3595db19890050b2faa96c6cba6b094b0a52b0aa

  • SHA512

    0d4c3ee8807bbbf635ce2d1ce1b747c23cc2724ff999580169e5514c7c97109083bea169bd6a5f8be35f3b679bb8446839fcc7a38f78503658eda306bec69154

  • SSDEEP

    12288:TFx0B/O7JxPzW9JPlHKtxYRkG7zLfpXE6SbJ:Rx7zW9JPlGskG1v

Malware Config

Targets

    • Target

      tmp9_c0xj_s

    • Size

      563KB

    • MD5

      3f400f30415941348af21d515a2fc6a3

    • SHA1

      bd0bf9c987288ca434221d7d81c54a47e913600a

    • SHA256

      5d2204f3a20e163120f52a2e3595db19890050b2faa96c6cba6b094b0a52b0aa

    • SHA512

      0d4c3ee8807bbbf635ce2d1ce1b747c23cc2724ff999580169e5514c7c97109083bea169bd6a5f8be35f3b679bb8446839fcc7a38f78503658eda306bec69154

    • SSDEEP

      12288:TFx0B/O7JxPzW9JPlHKtxYRkG7zLfpXE6SbJ:Rx7zW9JPlGskG1v

    • Black Basta

      A ransomware family targeting Windows and Linux ESXi first seen in February 2022.

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

    • Modifies boot configuration data using bcdedit

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Sets desktop wallpaper using registry

MITRE ATT&CK Enterprise v15

Tasks

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.