Extracted

• • Target

    file

  • Size

    2.7MB

  • MD5

    80d8379fc7093ec9e24be089ea6fa448

  • SHA1

    7c2da0be48cdf30db35105d5c4fc7759a0c10bf9

  • SHA256

    0c964ac2f65f270eb19982b04ae346e72976bdf19b88ffd2308700dcce2b5ec0

  • SHA512

    abb391bb1c0e909b98fd4eff90360a6490be2b8906190a58a653769d51bdd929d4dc2f5705149bc2782c0843632aa0f55cff652e91293e831c436d0928523f1f

  • SSDEEP

    12288:oyTgj6xwzXu9qvuRrzC2qWx8EsFeZ5I34lMKODiU56:2hu9qGFzC2qWx0eZ5ClbiUE

  Score

  10^/10

  blackbastadefense_evasiondiscoveryexecutionimpactransomware

  • Black Basta

    A ransomware family targeting Windows and Linux ESXi first seen in February 2022.

    ransomwareblackbasta

  • Blackbasta family

    blackbasta

  • Deletes shadow copies

    Ransomware often targets backup files to inhibit system recovery.

    ransomwaredefense_evasionimpactexecution

  • Renames multiple (1545) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware

  • Enumerates connected drives

    Attempts to read the root path of hard drives other than the default C: drive.

  • Sets desktop wallpaper using registry

    ransomware
  behavioral1behavioral2