Extracted

• • Target

    basta/basta.exe

  • Size

    1023KB

  • MD5

    08378cd36fdbf69dba24d14393ad564d

  • SHA1

    c698e08ff114499e9fecf39fcbf23f652f1cdad8

  • SHA256

    764b1117262d33f0a69b4f4c72fad607b7c71c262f60b9b2b35a21e7f4967786

  • SHA512

    ef831fc12ad4831e180c9e5e9babbf1a2d8675a918992fc6f5306447b30e12de63e5034124e31a2d9517db4322e7aaf4a01cecf3239f2c6f6d459358849ef197

  • SSDEEP

    12288:jbXTgrBCnMCz5WYgeWYg955/155/UqgFUHx2lvyRJbhLvTcT+sqnhDik2BBD+/rF:jbTgrBCnjzgsKrd7m4+OmMlaT2BZSP2

  Score

  10^/10

  blackbastadiscoveryransomwarespywarestealer

  • Black Basta

    A ransomware family targeting Windows and Linux ESXi first seen in February 2022.

    ransomwareblackbasta

  • Blackbasta family

    blackbasta

  • Renames multiple (9722) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Drops desktop.ini file(s)

  behavioral1behavioral2

• • Target

    basta/blank.docx

  • Size

    97KB

  • MD5

    faef191f63aa34eaf62b309e1fa6797b

  • SHA1

    f694595c850267b72ae7d78deb087badcaba1e9c

  • SHA256

    23628968944a6db98842aa2b69d931edd4dd889ff51d345373624af62f71f5b7

  • SHA512

    0bc5de66bdf619cd3a56916c0918d12ac1412e83b18d44db55b7593e4a29c9ff96f84b48b945b80ff50cfebd812a543be70e3298205bd46b9c6c8f8b1e01b617

  • SSDEEP

    3:v:v

  Score

  3^/10

  discovery
  behavioral3behavioral4