babuk | 2f5f29192f5139d83f93361ca855d385fd54adf8a40ee959efa72e6e00b2a0ce

General

Target

2f5f29192f5139d83f93361ca855d385fd54adf8a40ee959efa72e6e00b2a0ce
Size

189KB
Sample

210917-q3t36afgd7
MD5

3abc424623ccc9beb2521af2cf398bcc
SHA1

8411b13100ce1128a0d7672d18b7eb4f605ed20f
SHA256

2f5f29192f5139d83f93361ca855d385fd54adf8a40ee959efa72e6e00b2a0ce
SHA512

273c21f0ef47228ac0db7fc317a5b6916627461c29d503d68d28670d86a5fda6a39f55124218380a60002da520bf7ad1c4cd9f63dd1e74e628459184f45ce33a

Score

10^/10

babuk ransomware

Malware Config

Extracted

Path

C:\How To Restore Your Files.txt

Ransom Note

*************************** * AstraLocker * *************************** What happend? ---------------------------------------------- All Your files has been succesfully encrypted by AstraRansomware. What is AstraLocker? ---------------------------------------------- AstraLocker is a modifiend version of a BabukLocker More about BabukLocker: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/babuk-ransomware/ Can I get My files back? ---------------------------------------------- Sure! But You dont have much time for this. Your computer is infected with a ransomware virus. Your files have been encrypted and you won't be able to decrypt them without my help. What can I do to get my files back? ---------------------------------------------- You can buy my decryption software, this software will allow you to recover all of your data and remove the Ransomware from your computer. The price for the software is about 50$ (USD). Payment can be made in Monero, or Bitcoin (Cryptocurrency) only. What guarantees? ---------------------------------------------- I value my reputation. If i do not do my work and liabilities, nobody will pay me. This is not in my interests. All my decryption software is perfectly tested and will decrypt your data. How do I pay, where do I get Monero or Bitcoin? ---------------------------------------------- Purchasing Monero or Bitcoin varies from country to country, you are best advised to do a quick Google search yourself to find out how to buy Monero or Bitcoin. Amount of Bitcoin to pay: 0,00111 BTC (Bitcoin) or Amount of Monero to pay: 0.20 XMR (Monero) Where i can pay? ---------------------------------------------- Monero Address: 47moe29QP2xF2myDYaaMCJHpLGsXLPw14aDK6F7pVSp7Nes4XDPMmNUgTeCPQi5arDUe4gP8h4w4pXCtX1gg7SpGAgh6qqS Bitcoin Addres: bc1qel4nlvycjftvvnw32e05mhhxfzy7hjqkjh82ez Contact ---------------------------------------------- After payment contact: [email protected] to get the decryptor !!! DANGER !!! DO NOT MODIFY or try to RECOVER any files yourself. We WILL NOT be able to RESTORE them. !!! DANGER !! *************************** * AstraLocker * ***************************

Emails

[email protected]

Wallets

bc1qel4nlvycjftvvnw32e05mhhxfzy7hjqkjh82ez

URLs

https://www.mcafee.com/blogs/other-blogs/mcafee-labs/babuk-ransomware/

Targets

- Target
  
  2f5f29192f5139d83f93361ca855d385fd54adf8a40ee959efa72e6e00b2a0ce
- Size
  
  189KB
- MD5
  
  3abc424623ccc9beb2521af2cf398bcc
- SHA1
  
  8411b13100ce1128a0d7672d18b7eb4f605ed20f
- SHA256
  
  2f5f29192f5139d83f93361ca855d385fd54adf8a40ee959efa72e6e00b2a0ce
- SHA512
  
  273c21f0ef47228ac0db7fc317a5b6916627461c29d503d68d28670d86a5fda6a39f55124218380a60002da520bf7ad1c4cd9f63dd1e74e628459184f45ce33a
Score

10^/10

babuk ransomware
- Babuk Locker
  RaaS first seen in 2021 initially called Vasa Locker.
  ransomware babuk
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Executes dropped EXE
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
  ransomware
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2