General
-
Target
tmp9_c0xj_s
-
Size
563KB
-
Sample
240820-ptt65asape
-
MD5
3f400f30415941348af21d515a2fc6a3
-
SHA1
bd0bf9c987288ca434221d7d81c54a47e913600a
-
SHA256
5d2204f3a20e163120f52a2e3595db19890050b2faa96c6cba6b094b0a52b0aa
-
SHA512
0d4c3ee8807bbbf635ce2d1ce1b747c23cc2724ff999580169e5514c7c97109083bea169bd6a5f8be35f3b679bb8446839fcc7a38f78503658eda306bec69154
-
SSDEEP
12288:TFx0B/O7JxPzW9JPlHKtxYRkG7zLfpXE6SbJ:Rx7zW9JPlGskG1v
Behavioral task
behavioral1
Sample
tmp9_c0xj_s.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
tmp9_c0xj_s.exe
Resource
win10v2004-20240802-en
Malware Config
Targets
-
-
Target
tmp9_c0xj_s
-
Size
563KB
-
MD5
3f400f30415941348af21d515a2fc6a3
-
SHA1
bd0bf9c987288ca434221d7d81c54a47e913600a
-
SHA256
5d2204f3a20e163120f52a2e3595db19890050b2faa96c6cba6b094b0a52b0aa
-
SHA512
0d4c3ee8807bbbf635ce2d1ce1b747c23cc2724ff999580169e5514c7c97109083bea169bd6a5f8be35f3b679bb8446839fcc7a38f78503658eda306bec69154
-
SSDEEP
12288:TFx0B/O7JxPzW9JPlHKtxYRkG7zLfpXE6SbJ:Rx7zW9JPlGskG1v
-
Black Basta
A ransomware family targeting Windows and Linux ESXi first seen in February 2022.
-
Deletes shadow copies
Ransomware often targets backup files to inhibit system recovery.
-
Modifies boot configuration data using bcdedit
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Sets desktop wallpaper using registry
-