Extracted

• • Target

    basta/basta.dll

  • Size

    1023KB

  • MD5

    08378cd36fdbf69dba24d14393ad564d

  • SHA1

    c698e08ff114499e9fecf39fcbf23f652f1cdad8

  • SHA256

    764b1117262d33f0a69b4f4c72fad607b7c71c262f60b9b2b35a21e7f4967786

  • SHA512

    ef831fc12ad4831e180c9e5e9babbf1a2d8675a918992fc6f5306447b30e12de63e5034124e31a2d9517db4322e7aaf4a01cecf3239f2c6f6d459358849ef197

  • SSDEEP

    12288:jbXTgrBCnMCz5WYgeWYg955/155/UqgFUHx2lvyRJbhLvTcT+sqnhDik2BBD+/rF:jbTgrBCnjzgsKrd7m4+OmMlaT2BZSP2

  Score

  10^/10

  blackbastaransomwarespywarestealer

  • Black Basta

    A ransomware family targeting Windows and Linux ESXi first seen in February 2022.

    ransomwareblackbasta

  • Blackbasta family

    blackbasta

  • Renames multiple (7968) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Drops desktop.ini file(s)

  behavioral1behavioral2

• • Target

    basta/blank.docx

  • Size

    97KB

  • MD5

    faef191f63aa34eaf62b309e1fa6797b

  • SHA1

    f694595c850267b72ae7d78deb087badcaba1e9c

  • SHA256

    23628968944a6db98842aa2b69d931edd4dd889ff51d345373624af62f71f5b7

  • SHA512

    0bc5de66bdf619cd3a56916c0918d12ac1412e83b18d44db55b7593e4a29c9ff96f84b48b945b80ff50cfebd812a543be70e3298205bd46b9c6c8f8b1e01b617

  • SSDEEP

    3:v:v

  Score

  3^/10

  discovery
  behavioral3behavioral4

• • Target

    basta/blank2.docx

  • Size

    97KB

  • MD5

    faef191f63aa34eaf62b309e1fa6797b

  • SHA1

    f694595c850267b72ae7d78deb087badcaba1e9c

  • SHA256

    23628968944a6db98842aa2b69d931edd4dd889ff51d345373624af62f71f5b7

  • SHA512

    0bc5de66bdf619cd3a56916c0918d12ac1412e83b18d44db55b7593e4a29c9ff96f84b48b945b80ff50cfebd812a543be70e3298205bd46b9c6c8f8b1e01b617

  • SSDEEP

    3:v:v

  Score

  3^/10

  discovery
  behavioral5behavioral6

• • Target

    basta/start.bat

  • Size

    33B

  • MD5

    34eee3ee267d4f5e0ec60e5ad8fac9e1

  • SHA1

    d522e7e32849c1bc5e6f7665aa59e642f8fdcda0

  • SHA256

    9eebdef38366ca977bf24574af2c996ccfb19ace6f317bf52c91aacaebe1a090

  • SHA512

    6587491e3d725e8fad82ef3b9b915694cf54227d37d3be735f71a67c1710969c68ced5b9baf5cd877baf6d54312b386c077ed691ec769d4f74acb054a8967b93

  Score

  10^/10

  blackbastaransomware

  • Black Basta

    A ransomware family targeting Windows and Linux ESXi first seen in February 2022.

    ransomwareblackbasta

  • Blackbasta family

    blackbasta

  • Renames multiple (1652) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware
  behavioral7behavioral8