Extracted

• • Target

    96baed262fd126604299b719bb1c5f44376149693c9d5c66f663b2ea693854cc.bin.sample

  • Size

    890KB

  • MD5

    cbcdea93331bf90f7f2ca77ac98fe13c

  • SHA1

    b9c7e3371dd668847d73c661a93ed28d046f0f75

  • SHA256

    96baed262fd126604299b719bb1c5f44376149693c9d5c66f663b2ea693854cc

  • SHA512

    519d9f5f0762bda56e3c5ff1330255038259af7a7d6b595448711ca408a26e5f9f1691729f1eca13f144cae730a59ba294efb34a1d142bc1de698326fc63773f

  • SSDEEP

    24576:aPXdcPawe01sAN3BSWM0sdcOHgbLTB8/JYYaj:aK1sW3B6dcOHgbBgJYYaj

  Score

  10^/10

  blackbastadefense_evasiondiscoveryexecutionimpactpersistenceransomware

  • Black Basta

    A ransomware family targeting Windows and Linux ESXi first seen in February 2022.

    ransomwareblackbasta

  • Blackbasta family

    blackbasta

  • Deletes shadow copies

    Ransomware often targets backup files to inhibit system recovery.

    ransomwaredefense_evasionimpactexecution

  • Renames multiple (4988) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware

  • Adds Run key to start application

    persistence
  behavioral1behavioral2