Extracted

Extracted

• • Target

    5665f108965c55a2d3ebcbbb50b03786

  • Size

    107KB

  • MD5

    5665f108965c55a2d3ebcbbb50b03786

  • SHA1

    5f3500c5d5f646383e06033fb0650d9b83da98a8

  • SHA256

    a32770d46ee2ee5b91cc36e5159868ec3ff7f847e7516d7bcb952f7a94e347a2

  • SHA512

    cb6e052712ace47f371efdc93309ecc3bc7e85d897dc64e85c8fac3e436a3a714ffd140d465daf87a3f911f89bfbf4db90fe1bd7f579f5d108de51ace342b0fb

  Score

  10^/10

  babukdiscoveryransomwarespywarestealer

  • Babuk Locker

    RaaS first seen in 2021 initially called Vasa Locker.

    ransomwarebabuk

  • Deletes shadow copies

    Ransomware often targets backup files to inhibit system recovery.

    ransomware

  • Downloads MZ/PE file

  • Executes dropped EXE

  • Modifies extensions of user files

    Ransomware generally changes the extension on encrypted files.

    ransomware

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Enumerates connected drives

    Attempts to read the root path of hard drives other than the default C: drive.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2