General
Target

e_win.bin.zip

Size

26KB

Sample

210810-dxwge4a48j

Score
10/10
MD5

6cf4796d764b4659f5f454e04c586d15

SHA1

2bf7636d652e137ce88d62655080912dcf2fad79

SHA256

cb7cd5de34353ff74b8e1f829cffc8d9532b2652fe2d832fa5e57c30c5bde2a8

SHA512

a61bd3e02517cee6c2e856fd27076af85637b01a59204a6068f8ce4c354fd76213e3501fbef94f901b6f57c9abc04a4898ceb796d15093b2e9eef0878cb07bbe

Malware Config
Targets
Target

e_win.bin

MD5

6ce7f33dc923d162788aa3236483701c

Filesize

79KB

Score
10/10
SHA1

97395d6f9474638c0d97596a0613aaea04daa547

SHA256

e2dc8fb92ff49643931fe736d002d42f2fb86ba5642ebf44ecbec674a77d8227

SHA512

0d5ac1d3e3e1ee34c94af6288f82ae663f32fb1383aa6b85f16a6691a139743e16f5a25cfcabbc8428d564cb297d90a381a2863c162a01876779c017ae2141df

Tags

Signatures

  • Babuk Locker

    Description

    RaaS first seen in 2021 initially called Vasa Locker.

    Tags

  • Deletes shadow copies

    Description

    Ransomware often targets backup files to inhibit system recovery.

    Tags

    TTPs

    File DeletionInhibit System Recovery
  • Modifies extensions of user files

    Description

    Ransomware generally changes the extension on encrypted files.

    Tags

  • Enumerates connected drives

    Description

    Attempts to read the root path of hard drives other than the default C: drive.

    TTPs

    Query RegistryPeripheral Device DiscoverySystem Information Discovery

Related Tasks

MITRE ATT&CK Matrix
Collection
    Command and Control
      Credential Access
        Defense Evasion
        Execution
          Exfiltration
            Initial Access
              Lateral Movement
                Persistence
                  Privilege Escalation
                    Tasks

                    static1

                    Score
                    N/A

                    behavioral1

                    Score
                    10/10

                    behavioral2

                    Score
                    10/10