babuk | 82e560a078cd7bb4472d5af832a04c4bc8f1001bac97b1574efe9863d3f66550

Resubmissions

21-02-2024 19:59

240221-yqmsbafb69 10

27-02-2023 15:10

230227-sj843seb89 1

27-06-2021 20:55

210627-2nsmat5hex 10

Sharing

Copy URL

Twitter E-mail

General

Target

82e560a078cd7bb4472d5af832a04c4bc8f1001bac97b1574efe9863d3f66550
Size

4.8MB
Sample

210627-2nsmat5hex
MD5

aee27a5ebedadf12beed294f59026162
SHA1

fa5153b6011c578ce85c8c6d2a431ee9b8be03ec
SHA256

82e560a078cd7bb4472d5af832a04c4bc8f1001bac97b1574efe9863d3f66550
SHA512

74548443d979e4b07904ca6232df1d787fa7481bfb52dfdd0331882cb407ba73c0548ef8544c02ed2cb2d11401ae86c546875db4408127d30b862cb383da921a

Score

10^/10

Malware Config

Targets

- Target
  
  builder.exe
- Size
  
  121KB
- MD5
  
  5dfa998f62612e10d5d28d26948dd50f
- SHA1
  
  05618b47ccf5aba595fba60feb30969b5500abb3
- SHA256
  
  4fa565cc2ebfe97b996786facdb454e4328a28792e27e80e8b46fe24b44781af
- SHA512
  
  83a0f6b9b43d88ea704f0d006937e020a2dd7c207bc84937d2ca6d80f808b0b583a555082eb529c902f2194cb872a23d5666302908f3ed0418f061e50c56defa
Score

1^/10
behavioral1 behavioral2
- Target
  
  d_esxi.out
- Size
  
  53KB
- MD5
  
  64b8e75e76283e034e134c128e9a405a
- SHA1
  
  cd19c2741261de97e91943148ba8c0863567b461
- SHA256
  
  930760c00de1b9a4bc2eefcd96173f1e9a906b11a9566c517fcb87a13acaa327
- SHA512
  
  8e9e0ceafc88504a408ed9a91514675b7e13e3f4ed5f3a2c0208f441c55d783e3708427fc49489bdd9f74804a00a093c6e28c5a012d483b502bee09995f6a84d
Score

1^/10
behavioral3 behavioral4 behavioral5
- Target
  
  d_nas_arm.out
- Size
  
  2.0MB
- MD5
  
  7de2173c75f9778b9c9c20447ad4c1f8
- SHA1
  
  0bea740c49e30d3c8d58976951331068f181c453
- SHA256
  
  2cd6d4a52dbaf9e79d93492ad73dc229e06d0cee9e3327cc3bef165fae06f918
- SHA512
  
  666387bea53b85ccb8d6f5925f2c4fa69530836a58834234f6c9c5c0034997dad2270f270bea138796f7bb2010bcf2c4430bbaf10fa8a6f50b52323b84b21e18
Score

1^/10
behavioral6 behavioral7 behavioral8
- Target
  
  d_nas_x86.out
- Size
  
  1.9MB
- MD5
  
  29efe5693da727cdca8c637d343b07cd
- SHA1
  
  a5ee4e8a413ea03639721f31de5f42d4b0968039
- SHA256
  
  51fe57795105eb1e618d35bd99fcc096ee3687455cd4e330396c0d701bc3a6a1
- SHA512
  
  5f19057919b4018114fcb58e0d848960acbf26d461077a85a935b64e7ec161f45047e6dc6c4664058b36902bc39b297c292eb8af2557dddd5bbdfdc975e6f377
Score

1^/10
behavioral9 behavioral10 behavioral11
- Target
  
  d_win.bin
- Size
  
  68KB
- MD5
  
  ca8dcb4c02f5b3b09b0bc49452f05bd6
- SHA1
  
  0e0001da7e198da8e3e82252d5414dbcb8bee9d1
- SHA256
  
  eb22f22fedb24ef3d06d2ba6ac9bc53528f8d1e489fefeac9501b926a0be6097
- SHA512
  
  9221c98a0ad3179725fd66de3fcfbc0f97af300431d82645ee0b9d8e16a756b7881a91f661a569156bf0d5984e54703d513d753329bffd382327cc7a194ffc48
Score

3^/10
behavioral12 behavioral13
- Target
  
  e_esxi.out
- Size
  
  69KB
- MD5
  
  ce73b00417464190d7fb9b36af74968a
- SHA1
  
  885a734c7869b52aa125674cb430199b2645cda0
- SHA256
  
  dc90560d7198bf824b65ba2cfbe403d84d38113f41a1aa2f37f8d827fd9e0ceb
- SHA512
  
  7710eb3c601f0b6066606f7a098811efa8e411b12164e7bcb2ab289920156367ee53e6c243937d89ccf17af9c207856fbd2f125982e5242938cd189965a3556d
Score

1^/10
behavioral14 behavioral15 behavioral16
- Target
  
  e_nas_arm.out
- Size
  
  2.1MB
- MD5
  
  28249fc247a858d9727c860e4a484392
- SHA1
  
  37b2ee4c3f6b9976e2335421a05e4b480c09ff9d
- SHA256
  
  e8cee8eab4020e1aadd4631ed626ab54d8733f8b14d683ca943cd4e124eeef55
- SHA512
  
  af4109064b524761fc3b0b5b27ab634e9eda7c8897fe5fb5b2d39dd1b620a402eb97ce5e76d99f9a959c2c6a162a2037c398c2181d2f66d029b46d73ec7f43e4
Score

1^/10
behavioral17 behavioral18 behavioral19
- Target
  
  e_nas_x86.out
- Size
  
  2.0MB
- MD5
  
  1453c8123be53bf4458b1a8e7e54ddbb
- SHA1
  
  a1064f1393e4d548c27f1a4b5fb1a5cf9f5267e7
- SHA256
  
  e505b24de50b14aed35cf40725dc0185cab06fed90269d445ec7a4b36de124b6
- SHA512
  
  2eeffbcf1b8161f3f61a5654213004212042ca95b87393052a54b0a28416ee82eef113891488cc272581d6c2a557b1283712f8658ad48c219823b204724bc150
Score

1^/10
behavioral20 behavioral21 behavioral22
- Target
  
  e_win.bin
- Size
  
  79KB
- MD5
  
  e5adc80639046a5c69bcfeee458e0833
- SHA1
  
  d9e3f9edda5df290b5be6fb1d335b750dd7c6758
- SHA256
  
  ea95f131bd9b49104d9e7ae83335254549ded9d71d557c6e4746740aecca2c85
- SHA512
  
  c11a24e14ba5fa2b0e2c2b544dd4218ce4c8caae3db7cebd5b0305223f96bde09c9bd237cb8d32768f30118f7be73240971e772f7a89db7c0fba5c6105107e3a
Score

10^/10

babuk ransomware
- Babuk Locker
  RaaS first seen in 2021 initially called Vasa Locker.
  ransomware babuk
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
  ransomware
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral23 behavioral24

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File Deletion

T1107

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Inhibit System Recovery

T1490

Tasks

Resubmissions

Sharing

General

Malware Config

Targets

Babuk Locker

Deletes shadow copies

Modifies extensions of user files

Enumerates connected drives

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24