Extracted

• • Target

    2413841b2f5f656e269f61644d3957847b199107bb6b141c3208a03df59f0759.exe

  • Size

    1.9MB

  • MD5

    7c62976c8d0e7434b327ce3c402d8a62

  • SHA1

    0d91b68c7b1a1fb5471258591676fcf89025e238

  • SHA256

    2413841b2f5f656e269f61644d3957847b199107bb6b141c3208a03df59f0759

  • SHA512

    51e43e3d863ff2f549699653c27bf4e08aaabe1d3853a3ed0b2a713ac627295646ef309906ecf1765d9372fc653891c31c87b6bd39676a59ec5b12876e38d58c

  • SSDEEP

    49152:qfM4iMoQz20361ERIJ0UWGtT069FKdqd:qfM4RoQz20KVsG+akdqd

  Score

  10^/10

  discoveryblackbastadefense_evasionexecutionimpactpersistenceransomware

  • Black Basta

    A ransomware family targeting Windows and Linux ESXi first seen in February 2022.

    ransomwareblackbasta

  • Blackbasta family

    blackbasta

  • Deletes shadow copies

    Ransomware often targets backup files to inhibit system recovery.

    ransomwaredefense_evasionimpactexecution

  • Renames multiple (4113) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware

  • Adds Run key to start application

    persistence
  behavioral1behavioral2