Extracted

• • Target

    0d6c3de5aebbbe85939d7588150edf7b7bdc712fceb6a83d79e65b6f79bfc2ef

  • Size

    216KB

  • MD5

    32f17040ddaf3477008d844c8eb98410

  • SHA1

    b363e038a6d6326e07a02e7ff99d82852f8ec2d2

  • SHA256

    0d6c3de5aebbbe85939d7588150edf7b7bdc712fceb6a83d79e65b6f79bfc2ef

  • SHA512

    fb29cbaa35b4d54979e4fd311f46c475443c09154b6150b03a4dbe76ac4f65f4c3a1ce54e7d28ebd7f69a9b50c2efb06a664e42679aebf5e116d74ff5db3d01d

  • SSDEEP

    6144:qHxwGbi2dn97rh3akMS2vEUrhsQpN1W4XaOZ/6gpZF7:XG+y97KvDW2N

  Score

  1^/10
  behavioral1behavioral2behavioral3behavioral4

• • Target

    17205c43189c22dfcb278f5cc45c2562f622b0b6280dcd43cc1d3c274095eb90

  • Size

    636KB

  • MD5

    267d5c3137d313ce1a86c2f255a835e6

  • SHA1

    c7a37c0edeffd23777cca44f9b49076be1bd43e6

  • SHA256

    17205c43189c22dfcb278f5cc45c2562f622b0b6280dcd43cc1d3c274095eb90

  • SHA512

    9c119a9f973dae77f2cdd6a855ae45c20660aadc5c592f6d06f6360dd0bb5a380d0ed1fcc23c0cb721da70bcca7d32db46181be675bf0587276d35d6da26a31e

  • SSDEEP

    12288:aEky5bwpy02iRaeXCP2CIcdoKAXMr+Mr+kJZ4:j02iRaeHPcdo18rTrf6

  Score

  9^/10

  discoveryransomwarespywarestealercredential_access

  • Renames multiple (5399) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware

  • Credentials from Password Stores: Windows Credential Manager

    Suspicious access to Credentials History.

    credential_accessstealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Sets desktop wallpaper using registry

    ransomware
  behavioral5behavioral6behavioral7behavioral8

• • Target

    1cad451cedeb9967c790c1671cd2e3482de87e3e802953f28e426642894ceb7b

  • Size

    1.1MB

  • MD5

    1e926369c3207662b9871e780c558177

  • SHA1

    8150bfc85a83046aa4df782cefe6d9a1fb3356aa

  • SHA256

    1cad451cedeb9967c790c1671cd2e3482de87e3e802953f28e426642894ceb7b

  • SHA512

    69a3439259f6b6a5b92c0bd0c0542b648986b363e95db3db5195b3a5b81a7a64c54a87832e51ad3ca091f98890767f0f487f800bdd8c395cba99bd7e66377f33

  • SSDEEP

    24576:kaNillzz4yw/iyeTM/oGll9iCFBgN62oUIwvbGaL5gg5YF:oxKM6oi9iX0nUDr5YF

  Score

  3^/10

  discovery
  behavioral10behavioral11behavioral12behavioral9

• • Target

    44369783a819a38909e89449495fb98c3f9ba07dd0d2fa55a24a560a89f21a86

  • Size

    1KB

  • MD5

    26a5a7e71a601be991073c78d513dee3

  • SHA1

    4d89f323a89acefc43c312cd0d198066db7ddf34

  • SHA256

    44369783a819a38909e89449495fb98c3f9ba07dd0d2fa55a24a560a89f21a86

  • SHA512

    b6075715a875fcbbce947260c0d6b7cd9a66145438de0deea75bfbf6e7d801a71cea0ac60f9895856e3f7af492b4d7e83ac140166a4de673c0aa006ce7896896

  Score

  3^/10

  execution
  behavioral13behavioral14behavioral15behavioral16

• • Target

    7c7acd87b47d405da4d6efa2c43599148e12c094970ba198905f0a165d79a78f

  • Size

    14KB

  • MD5

    e02be0dc614523ddd7a28c9e9d500cff

  • SHA1

    a900b33ba9700cf0aece6c2811202253767aa6e2

  • SHA256

    7c7acd87b47d405da4d6efa2c43599148e12c094970ba198905f0a165d79a78f

  • SHA512

    ae5ec7fa79f81037c43cb72b2e1b393a3198ba5f9f5bd11576eaaefb7806f133e069b4e00f10ee594ddf354df01866e285b3392d225c84418aeef7f0373b5fff

  • SSDEEP

    384:XsCFUjcuhdJoyGeCtcBokIC82lgCRWtl3:XsCFUjcuhd6IoFC84gOWT

  Score

  3^/10

  execution
  behavioral17behavioral18behavioral19behavioral20

• • Target

    96339a7e87ffce6ced247feb9b4cb7c05b83ca315976a9522155bad726b8e5be

  • Size

    204KB

  • MD5

    7688c1b7a1124c1cd9413f4b535b2f44

  • SHA1

    8ccac360e2ca37b2fa9f5fa81b22114fb8936120

  • SHA256

    96339a7e87ffce6ced247feb9b4cb7c05b83ca315976a9522155bad726b8e5be

  • SHA512

    9810c1bf7d58e6a68e9518aebd228b9fd8d589e016722f9418e03b3940b9d36fa7d7c76e64c1924d5f3e8c699a5956868182896968f22f8b2bb9d24dff607916

  • SSDEEP

    6144:OUjqtclKpiqKLICZM5cUq29shXs6u7ulx97Z52Gd:fqt4KoVkCm9oV

  Score

  1^/10
  behavioral21behavioral22behavioral23behavioral24

• • Target

    97daa26c59e0e151f66872147ccd30dd1815bc6e63ec40c288130c6e8a6ea992

  • Size

    4KB

  • MD5

    64454645a9a21510226ab29e01e76d39

  • SHA1

    783d8b32d5a99bfe1367f0709562e36a6b4a042f

  • SHA256

    97daa26c59e0e151f66872147ccd30dd1815bc6e63ec40c288130c6e8a6ea992

  • SHA512

    87311ba40952d52f9049b6a2ec5f4b96e0a77ce5ebf8e5bcdb851e28d2fd020422e11fe0750a17032ef520d7bf86893696096bd546b0dd3912ba8b9b337f51fe

  • SSDEEP

    96:qz8crcCCRgR2R2OKpaiQRCoaiQRMIQHqEsqiq0bQC/B3TT6:w8crcCCRgR2R2lpaiQRCoaiQRLEf9UTe

  Score

  3^/10

  execution
  behavioral25behavioral26behavioral27behavioral28

• • Target

    ae7c868713e1d02b4db60128c651eb1e3f6a33c02544cc4cb57c3aa6c6581b6e

  • Size

    543KB

  • MD5

    53fdeb923b1890d29b8f29da77995938

  • SHA1

    a996ccd0d58125bf299e89f4c03ff37afdab33fc

  • SHA256

    ae7c868713e1d02b4db60128c651eb1e3f6a33c02544cc4cb57c3aa6c6581b6e

  • SHA512

    7c78e880f3d2dfc163625ff3d0b4676aa6a083dbbeac270520679f6b21d1c449c5af720ca7b9a68b5b3309e2de8d586cfed5d9b3a78d006e6d981a1aaf88c535

  • SSDEEP

    12288:M1DTMHixr1moQqUiXINDl/m1s6BQio67VlAU:AzmoQqUiXw2s6yiVxR

  Score

  10^/10

  blackbastadefense_evasiondiscoveryexecutionimpactransomwarecredential_accessstealer

  • Black Basta

    A ransomware family targeting Windows and Linux ESXi first seen in February 2022.

    ransomwareblackbasta

  • Deletes shadow copies

    Ransomware often targets backup files to inhibit system recovery.

    ransomwaredefense_evasionimpactexecution

  • Renames multiple (6184) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware

  • Credentials from Password Stores: Windows Credential Manager

    Suspicious access to Credentials History.

    credential_accessstealer

  • Drops desktop.ini file(s)

  • Sets desktop wallpaper using registry

    ransomware
  behavioral29behavioral30behavioral31behavioral32