General

  • Target

    vtsample19213598543.zip

  • Size

    1.6MB

  • Sample

    241002-drh6asvajl

  • MD5

    9c71bf9deccf1d931dde3ac119ad4d56

  • SHA1

    4347496a6da4812134a8a8868fa051f93461d7d8

  • SHA256

    a24a9896229ca06a180da09f45cc7991be06bf690b6b0276416520d3260d35e5

  • SHA512

    f18d9749b70ac8d0ad923cf456d3c81d5049e93e5c34e3f79f5c619474d6346f5d62c0f678134ae0331ea21208150876efd68cf5b4d2826ba1a3e2bb055c2de4

  • SSDEEP

    24576:u4DqtZmENHizQZG3Fk9f7vHdy+Z+D5MIoi48A1swgDPl+mKP2iSoKZWa21/f1Yrz:u42HmEBx2y7Xs9DH48L+PVKE1xE08t/

Malware Config

Extracted

Path

C:\Program Files\readme.txt

Ransom Note

Your data are stolen and encrypted
The data will be published on TOR website if you do not pay the ransom
You can contact us and decrypt one file for free on this TOR site (you should download and install TOR browser first https://torproject.org)
https://aazsbsgya565vlu2c6bzy6yfiebkcbtvvcytvolt33s77xypi7nypxyd.onion:80/
Your company id for log in: ba7a7058-3531-4b67-bae6-d602e9110361

URLs

https://aazsbsgya565vlu2c6bzy6yfiebkcbtvvcytvolt33s77xypi7nypxyd.onion:80/

Targets

    • Target

      0d6c3de5aebbbe85939d7588150edf7b7bdc712fceb6a83d79e65b6f79bfc2ef

    • Size

      216KB

    • MD5

      32f17040ddaf3477008d844c8eb98410

    • SHA1

      b363e038a6d6326e07a02e7ff99d82852f8ec2d2

    • SHA256

      0d6c3de5aebbbe85939d7588150edf7b7bdc712fceb6a83d79e65b6f79bfc2ef

    • SHA512

      fb29cbaa35b4d54979e4fd311f46c475443c09154b6150b03a4dbe76ac4f65f4c3a1ce54e7d28ebd7f69a9b50c2efb06a664e42679aebf5e116d74ff5db3d01d

    • SSDEEP

      6144:qHxwGbi2dn97rh3akMS2vEUrhsQpN1W4XaOZ/6gpZF7:XG+y97KvDW2N

    Score
    1/10
    • Target

      17205c43189c22dfcb278f5cc45c2562f622b0b6280dcd43cc1d3c274095eb90

    • Size

      636KB

    • MD5

      267d5c3137d313ce1a86c2f255a835e6

    • SHA1

      c7a37c0edeffd23777cca44f9b49076be1bd43e6

    • SHA256

      17205c43189c22dfcb278f5cc45c2562f622b0b6280dcd43cc1d3c274095eb90

    • SHA512

      9c119a9f973dae77f2cdd6a855ae45c20660aadc5c592f6d06f6360dd0bb5a380d0ed1fcc23c0cb721da70bcca7d32db46181be675bf0587276d35d6da26a31e

    • SSDEEP

      12288:aEky5bwpy02iRaeXCP2CIcdoKAXMr+Mr+kJZ4:j02iRaeHPcdo18rTrf6

    • Renames multiple (9810) files with added filename extension

      This suggests ransomware activity of encrypting all the files on the system.

    • Credentials from Password Stores: Windows Credential Manager

      Suspicious access to Credentials History.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Sets desktop wallpaper using registry

    • Target

      1cad451cedeb9967c790c1671cd2e3482de87e3e802953f28e426642894ceb7b

    • Size

      1.1MB

    • MD5

      1e926369c3207662b9871e780c558177

    • SHA1

      8150bfc85a83046aa4df782cefe6d9a1fb3356aa

    • SHA256

      1cad451cedeb9967c790c1671cd2e3482de87e3e802953f28e426642894ceb7b

    • SHA512

      69a3439259f6b6a5b92c0bd0c0542b648986b363e95db3db5195b3a5b81a7a64c54a87832e51ad3ca091f98890767f0f487f800bdd8c395cba99bd7e66377f33

    • SSDEEP

      24576:kaNillzz4yw/iyeTM/oGll9iCFBgN62oUIwvbGaL5gg5YF:oxKM6oi9iX0nUDr5YF

    Score
    3/10
    • Target

      44369783a819a38909e89449495fb98c3f9ba07dd0d2fa55a24a560a89f21a86

    • Size

      1KB

    • MD5

      26a5a7e71a601be991073c78d513dee3

    • SHA1

      4d89f323a89acefc43c312cd0d198066db7ddf34

    • SHA256

      44369783a819a38909e89449495fb98c3f9ba07dd0d2fa55a24a560a89f21a86

    • SHA512

      b6075715a875fcbbce947260c0d6b7cd9a66145438de0deea75bfbf6e7d801a71cea0ac60f9895856e3f7af492b4d7e83ac140166a4de673c0aa006ce7896896

    Score
    3/10
    • Target

      7c7acd87b47d405da4d6efa2c43599148e12c094970ba198905f0a165d79a78f

    • Size

      14KB

    • MD5

      e02be0dc614523ddd7a28c9e9d500cff

    • SHA1

      a900b33ba9700cf0aece6c2811202253767aa6e2

    • SHA256

      7c7acd87b47d405da4d6efa2c43599148e12c094970ba198905f0a165d79a78f

    • SHA512

      ae5ec7fa79f81037c43cb72b2e1b393a3198ba5f9f5bd11576eaaefb7806f133e069b4e00f10ee594ddf354df01866e285b3392d225c84418aeef7f0373b5fff

    • SSDEEP

      384:XsCFUjcuhdJoyGeCtcBokIC82lgCRWtl3:XsCFUjcuhd6IoFC84gOWT

    Score
    3/10
    • Target

      96339a7e87ffce6ced247feb9b4cb7c05b83ca315976a9522155bad726b8e5be

    • Size

      204KB

    • MD5

      7688c1b7a1124c1cd9413f4b535b2f44

    • SHA1

      8ccac360e2ca37b2fa9f5fa81b22114fb8936120

    • SHA256

      96339a7e87ffce6ced247feb9b4cb7c05b83ca315976a9522155bad726b8e5be

    • SHA512

      9810c1bf7d58e6a68e9518aebd228b9fd8d589e016722f9418e03b3940b9d36fa7d7c76e64c1924d5f3e8c699a5956868182896968f22f8b2bb9d24dff607916

    • SSDEEP

      6144:OUjqtclKpiqKLICZM5cUq29shXs6u7ulx97Z52Gd:fqt4KoVkCm9oV

    Score
    1/10
    • Target

      97daa26c59e0e151f66872147ccd30dd1815bc6e63ec40c288130c6e8a6ea992

    • Size

      4KB

    • MD5

      64454645a9a21510226ab29e01e76d39

    • SHA1

      783d8b32d5a99bfe1367f0709562e36a6b4a042f

    • SHA256

      97daa26c59e0e151f66872147ccd30dd1815bc6e63ec40c288130c6e8a6ea992

    • SHA512

      87311ba40952d52f9049b6a2ec5f4b96e0a77ce5ebf8e5bcdb851e28d2fd020422e11fe0750a17032ef520d7bf86893696096bd546b0dd3912ba8b9b337f51fe

    • SSDEEP

      96:qz8crcCCRgR2R2OKpaiQRCoaiQRMIQHqEsqiq0bQC/B3TT6:w8crcCCRgR2R2lpaiQRCoaiQRLEf9UTe

    Score
    3/10
    • Target

      ae7c868713e1d02b4db60128c651eb1e3f6a33c02544cc4cb57c3aa6c6581b6e

    • Size

      543KB

    • MD5

      53fdeb923b1890d29b8f29da77995938

    • SHA1

      a996ccd0d58125bf299e89f4c03ff37afdab33fc

    • SHA256

      ae7c868713e1d02b4db60128c651eb1e3f6a33c02544cc4cb57c3aa6c6581b6e

    • SHA512

      7c78e880f3d2dfc163625ff3d0b4676aa6a083dbbeac270520679f6b21d1c449c5af720ca7b9a68b5b3309e2de8d586cfed5d9b3a78d006e6d981a1aaf88c535

    • SSDEEP

      12288:M1DTMHixr1moQqUiXINDl/m1s6BQio67VlAU:AzmoQqUiXw2s6yiVxR

    • Black Basta

      A ransomware family targeting Windows and Linux ESXi first seen in February 2022.

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

    • Renames multiple (6015) files with added filename extension

      This suggests ransomware activity of encrypting all the files on the system.

    • Drops desktop.ini file(s)

    • Sets desktop wallpaper using registry

MITRE ATT&CK Enterprise v15

Tasks