Extracted

• • Target

    file

  • Size

    524KB

  • MD5

    20d03f8272648fa3fd31e222b8e2220f

  • SHA1

    ac20624e8aff3d4f9c42a8e2ddd493250e631f47

  • SHA256

    1391c20a26f248f7c602f20096bf1886cfe7e4d151602a1258a9bbe7c02c1c80

  • SHA512

    3bcfde35141671b4de022ae2423d020e53de35075c9a2c0a2dde45dc993364543af443dc97e6d3cc96c9a1d34533d6adb50c2495a23b5c4de97f64b3176ebd70

  • SSDEEP

    12288:SwCt9ZABL6wADs7yjyYTW3nMxIg/NmGta1WeGcvc4OulNI:AHUADs+jVW3nMxIKMOa1Wpecule

  Score

  10^/10

  blackbastacredential_accessdefense_evasiondiscoveryexecutionimpactransomwarespywarestealer

  • Black Basta

    A ransomware family targeting Windows and Linux ESXi first seen in February 2022.

    ransomwareblackbasta

  • Blackbasta family

    blackbasta

  • Deletes shadow copies

    Ransomware often targets backup files to inhibit system recovery.

    ransomwaredefense_evasionimpactexecution

  • Renames multiple (9699) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware

  • Credentials from Password Stores: Windows Credential Manager

    Suspicious access to Credentials History.

    credential_accessstealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Drops desktop.ini file(s)

  • Sets desktop wallpaper using registry

    ransomware
  behavioral1behavioral2