General
Target: 20492050518.zip
Size: 301KB
Sample: 241221-tfwv1ssnbk
MD5: 9aeb5286f0f50837fcb3c98ebd56a0df
SHA1: 80a390fbe147959a0c1dee7224e690c0956d74d3
SHA256: 2a94525ad06751b4795f47254c22469ee60ed473b3bf193f6d2ffd704c6d4bd4
SHA512: dee5bfbe3a63e9051c604404c09c36440f016d177bce6966c8aa0c967b5492ca21ce3b729cb46393f9c20f7208c6dc35ae28f554433ef33596a8fdcbc69f33b6
SSDEEP: 6144:dVo/9H3RLpig9s8/wGhVt7JKT0KZTTzgu4poRGDzCAgX4:di/xiz84CT7a0K21l4o
Static task: static1
Behavioral task: behavioral1
Sample: 15d891d682d73514401f65f0bd769d27f777462c31c7815e1a0fe119a41ea739.exe
Resource: win7-20241010-en
Behavioral task: behavioral2
Sample: 15d891d682d73514401f65f0bd769d27f777462c31c7815e1a0fe119a41ea739.exe
Resource: win10v2004-20241007-en
Malware Config
Extracted
C:\Program Files\instructions_read_me.txt
blackbasta
https://bastad5huzwkepdixedg2gekg7jk22ato24zyllp6lnjx7wdtyctgvyd.onion/
Targets
Target: 15d891d682d73514401f65f0bd769d27f777462c31c7815e1a0fe119a41ea739
Size: 649KB
MD5: 90e69700399e2b75d7e09b84185640c7
SHA1: cce479af71b73f1d0c5226b87894aeb5c24aeed2
SHA256: 15d891d682d73514401f65f0bd769d27f777462c31c7815e1a0fe119a41ea739
SHA512: 5bdcecad4af71631278e7d00fd9056a6b62be6212e7f7e00d75e08207ca41fbe3e075ca0699cc963039deb5190225bde16a5522b5ca6c7d943e3b5df80750ceb
SSDEEP: 12288:4ofNGhJvRjVUWEFvScnf316z/OF/NqDxf4qLO1BhwTkwJcqea4VOF:4ofNGhJvRJGf3oJ9f4qLqBhsJveg
Black Basta
A ransomware family targeting Windows and Linux ESXi first seen in February 2022.

Blackbasta family

Renames multiple (4224) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.

Adds Run key to start application

Drops desktop.ini file(s)