blackbasta | 96fdea105cf5bcf54071a6f6ff4395cc38f7dd923faf9736df4252b39926c8dd | Triage

Submit
Reports

Overview

overview

Static

static

5d2204f3a2...0aa.7z

windows10-2004-x64

Sharing

General

Target

5d2204f3a20e163120f52a2e3595db19890050b2faa96c6cba6b094b0a52b0aa.7z
Size

206KB
Sample

241111-vschksscnm
MD5

8e8e334ecaa9132f6e235c1e50d11e2b
SHA1

882d79d8d3f8461b45749a5ddec02d74af04e5ff
SHA256

96fdea105cf5bcf54071a6f6ff4395cc38f7dd923faf9736df4252b39926c8dd
SHA512

5a76c386d31c7c2fee5a86c2a75c1ed899e577635e19b0820814f15545997964a13d2e0a9d3888ebaa88a54419a8c88495e970b20fc53d0dcc48dacd1a7027fa
SSDEEP

6144:PNv7s6xrtx7M5ugBu7APAEMXRxO+4jKza:Z7s6F7AHBu0PAEMXRx50Kza

Score

10^/10

blackbasta defense_evasion discovery evasion execution impact ransomware

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

5d2204f3a20e163120f52a2e3595db19890050b2faa96c6cba6b094b0a52b0aa.7z

Resource

win10v2004-20241007-en

blackbasta defense_evasion discovery evasion execution impact ransomware

windows10-2004-x64

19 signatures

300 seconds

Malware Config

Targets

- Target
  
  5d2204f3a20e163120f52a2e3595db19890050b2faa96c6cba6b094b0a52b0aa.7z
- Size
  
  206KB
- MD5
  
  8e8e334ecaa9132f6e235c1e50d11e2b
- SHA1
  
  882d79d8d3f8461b45749a5ddec02d74af04e5ff
- SHA256
  
  96fdea105cf5bcf54071a6f6ff4395cc38f7dd923faf9736df4252b39926c8dd
- SHA512
  
  5a76c386d31c7c2fee5a86c2a75c1ed899e577635e19b0820814f15545997964a13d2e0a9d3888ebaa88a54419a8c88495e970b20fc53d0dcc48dacd1a7027fa
- SSDEEP
  
  6144:PNv7s6xrtx7M5ugBu7APAEMXRxO+4jKza:Z7s6F7AHBu0PAEMXRx50Kza
Score

10^/10

blackbasta defense_evasion discovery evasion execution impact ransomware
- Black Basta
  A ransomware family targeting Windows and Linux ESXi first seen in February 2022.
  ransomware blackbasta
- Black Basta payload
- Blackbasta family
  blackbasta
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware defense_evasion impact execution
- Modifies boot configuration data using bcdedit
  ransomware evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Sets desktop wallpaper using registry
  ransomware
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Windows Management Instrumentation

Persistence

Privilege Escalation

Defense Evasion

Direct Volume Access

Indicator Removal

File Deletion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Defacement

Inhibit System Recovery

Tasks

static1

behavioral1

blackbastadefense_evasiondiscoveryevasionexecutionimpactransomware

© 2018-2024

Terms | Privacy