General
-
Target
1354254499b2e3353708747d36c334074f40c1f726ea7590384f2192c972f8c3.exe
-
Size
1023KB
-
Sample
241027-hlwawsvelb
-
MD5
53a7c9b7ae1309fa2fda3cd9cd04d35d
-
SHA1
0376101a6ba19ae78e70aa8ac355f73d2ba623ad
-
SHA256
1354254499b2e3353708747d36c334074f40c1f726ea7590384f2192c972f8c3
-
SHA512
7950bf1455471f4c881d9b432a7bfdb31cc4e667a9c2c3acf59d1940b0604bb04493ea5b2dddba44be5665e8c9006c7d0c0a234c64d4d8fca4061e3467363e27
-
SSDEEP
12288:MaltsKTwLqC5SWYgeWYg955/155/QUrTaUHx2eP9RJbBDv6cTWPb9lWzpk+hMry/:MaltsKTwLB5k5PbG7pf6BadFmCxvzO
Static task
static1
Behavioral task
behavioral1
Sample
1354254499b2e3353708747d36c334074f40c1f726ea7590384f2192c972f8c3.dll
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
1354254499b2e3353708747d36c334074f40c1f726ea7590384f2192c972f8c3.dll
Resource
win10v2004-20241007-en
Malware Config
Extracted
C:\Program Files\instructions_read_me.txt
blackbasta
https://bastad5huzwkepdixedg2gekg7jk22ato24zyllp6lnjx7wdtyctgvyd.onion/
Targets
-
-
Target
1354254499b2e3353708747d36c334074f40c1f726ea7590384f2192c972f8c3.exe
-
Score
10/10
-
Black Basta
A ransomware family targeting Windows and Linux ESXi first seen in February 2022.
-
Blackbasta family
-
Renames multiple (6225) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Drops desktop.ini file(s)
-