MAL_RANSOM_BlackBasta_Oct22_1

Rule Info

Name
MAL_RANSOM_BlackBasta_Oct22_1
Author
Florian Roth
Description
Detects Black Basta ransomware indicators
Score
85
Reference
https://research.checkpoint.com/2022/black-basta-and-the-unnoticed-delivery/
Date
2022-10-28
Minimum Yara
1.7
Rule Hash
7f6e26bf4adada36281cf73d9d262058
Tags
['CRIME', 'RANSOM', 'EXE', 'MAL']
Required Modules
[]
Virustotal Matches
https://www.virustotal.com/gui/search/mal_ransom_blackbasta_oct22_1/comments

Antivirus Verdicts

Rating
Number of Samples
Malicious (>= 10 engines)
13
Suspicious (< 10 engines)
1
Clean (0 engines)
0

Rule Matches

Timestamp
Positives
Total
Hash
VT
2024-05-29 05:47:31
35
73
0b35ca7180bca642610a82bc54418d7b5b49f94699a95fd73e3897b514066374
2024-05-23 21:47:40
9
64
a199c9d91a1e7c7051ec40f0a3a51143aa9f06af47a2a5f0e2dd235d7e1fe386
2024-04-26 07:02:07
19
68
88c8b472108e0d79d16a1634499c1b45048a10a38ee799054414613cc9dccccc
2023-06-13 14:02:31
48
69
9f948af3a30f125dcd24d8a628b3a18c66b3d72baede8496ee735cbdfd9cf0c7
2023-05-29 18:14:21
50
70
6c9efa67192406d306c1ec61e6eabbc181fa76392c96b79b4130d0f063226dbb
2023-04-03 07:11:42
43
69
9635c91adf7f8ee699b4b1b63d7342f3c732dfea9896cc0a67d9789b08577b5f
2023-03-31 17:16:58
46
69
bc69dacee82ea71a811e74ada75c953314c776d8eee50fa28d1e2770e24b0a74
2023-02-04 01:10:31
45
69
9bbe6414ce22cb5e19f294004cb5cdbc883479d99629ddcdb5b70e9806306e42
2022-12-21 00:56:06
29
60
e9333a4a5215dfb8ab022f10cb3dedff595e8b729bfcd72c012f9daea09d598b
2022-12-20 21:07:42
48
71
4a79adc9e5d380be80347ac66fb0d0f414ef1a256c11788bde63e327b9ad54b2
2022-12-10 06:16:12
13
70
18d27bde13f20969d7e1a93b4e834bc72b91ffe195e444064ef1b7dcef0299a1
2022-11-28 13:58:08
46
71
bc1baf6014affceab4e59a781c33df25f2e9baa17c0cc579f6a6702d0db585d2
2022-11-22 10:08:12
27
71
07fdfcde9c9a3f60b1302c6a42ef1191fcfa861e94638968c8023ed957d9144f
2022-11-09 00:55:42
26
71
9a048479de8a00a6738d82f66807d31bde2cc99ce70b2af4e0b2eab0ae379ffd

Rule Matches per Month (last 24 months)

THOR Logo  Scan your endpoints, forensic images or collected files with our portable scanner THOR
  Warning: Access to VALHALLA is rate-limited - once you prove unworthy, access gets denied
  Nextron Systems 2022