Extracted

• • Target

    file

  • Size

    448KB

  • MD5

    ce99e91e6c2a6defe1a86462870ba321

  • SHA1

    f3d31b5d4bec32a50e8a76430c801d1b8c4e6b70

  • SHA256

    58ddbea084ce18cfb3439219ebcf2fc5c1605d2f6271610b1c7af77b8d0484bd

  • SHA512

    005fc1fedaa4862134e3f38f6521302b6f9db82117b70e17c95157a4205a84348dbbcb5a037c125da89d32621740b4bf1613935da32a5555a8a1eb17b6f42106

  • SSDEEP

    12288:VPNXbjc+dHPgpgA6RiagtnIkJvEFZoZ/g1n:VFjZegjiagtnhOFZA/g1

  Score

  10^/10

  blackbastadiscoveryransomwarecredential_accessspywarestealer

  • Black Basta

    A ransomware family targeting Windows and Linux ESXi first seen in February 2022.

    ransomwareblackbasta

  • Blackbasta family

    blackbasta

  • Renames multiple (6827) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware

  • Credentials from Password Stores: Windows Credential Manager

    Suspicious access to Credentials History.

    credential_accessstealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Drops desktop.ini file(s)

  behavioral1behavioral2