Extracted

• • Target

    80c6b04296ea1c89e4a58d67403dbe72f98691efb0013443c681225dd32b80ed.bin.sample

  • Size

    889KB

  • MD5

    4a2c293b5f4df429344538dc9da65ff5

  • SHA1

    8e5ddb0c85ea4947c2f5d061beaa282b991496e1

  • SHA256

    80c6b04296ea1c89e4a58d67403dbe72f98691efb0013443c681225dd32b80ed

  • SHA512

    f786138365f3faf8b24ec3ae2175094ac40420ce0be3cb4376a125277c0ccad9f7a14123ee9ce3068aa29b2112e764372e94c3325b2d8d95f68a22fbcf44c58b

  • SSDEEP

    24576:yUZSmCmLcNVcfBC2M03mUNeWqsOGlu5I+lEI:jccfB5mUNeWoGQ5plEI

  Score

  10^/10

  blackbastadefense_evasiondiscoveryexecutionimpactpersistenceransomwarespywarestealer

  • Black Basta

    A ransomware family targeting Windows and Linux ESXi first seen in February 2022.

    ransomwareblackbasta

  • Blackbasta family

    blackbasta

  • Deletes shadow copies

    Ransomware often targets backup files to inhibit system recovery.

    ransomwaredefense_evasionimpactexecution

  • Renames multiple (8976) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Adds Run key to start application

    persistence

  • Drops desktop.ini file(s)

  behavioral1behavioral2