Extracted

• • Target

    file

  • Size

    885KB

  • MD5

    80ab6a4d16c8137308dea1dc7922bd47

  • SHA1

    796531afd0e828f451786c485f95c4c04084f461

  • SHA256

    3337a7a9ccdd06acdd6e3cf4af40d871172d0a0e96fc48787b574ac93689622a

  • SHA512

    4ccdf3049a7e4de8c63d5c37602eecdc97e727022c4b2bf0a582ab4aae9ee7e42f24b339cd46eb820baea5593fe19ef0806246f0dd3f8bc1560423fe512f6485

  • SSDEEP

    24576:TP3urAYzBZm8R6pMQig/6203QAxUET69nkyjGjR:TPjYzq8R6pMQig/6203VxUEuhzGjR

  Score

  10^/10

  blackbastadefense_evasiondiscoveryexecutionimpactpersistenceransomwarespywarestealer

  • Black Basta

    A ransomware family targeting Windows and Linux ESXi first seen in February 2022.

    ransomwareblackbasta

  • Blackbasta family

    blackbasta

  • Deletes shadow copies

    Ransomware often targets backup files to inhibit system recovery.

    ransomwaredefense_evasionimpactexecution

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Adds Run key to start application

    persistence

  • Drops desktop.ini file(s)

  behavioral1behavioral2