General
-
Target
4775178813997056.zip
-
Size
389KB
-
Sample
211215-g4vlmsggg9
-
MD5
9b621494b8a13bfdc16bb8c717e97f71
-
SHA1
442a318e8aa46d0fb36b9bfd1a87e2528d611fdc
-
SHA256
a3788d8cf37d691627bdbc5add07b598fdde66bdfcdb05299b0976715b392a61
-
SHA512
dfccd344771f69f3b77cb8153f59ffbea8126a50e01bc1541c6585b632e11cb35b2b172a7759c91d3b11ce63411745d0e387841d9644318ecdf53b20fc9f8636
Malware Config
Extracted
C:\How To Restore Your Files.txt
iamunknown@keemail.me
babyk@mail2tor.com
https://tox.chat/download.html
Extracted
C:\How To Restore Your Files.txt
Extracted
C:\MSOCache\How To Restore Your Files.txt
http://tsu2dpiiv4zjzfyq73eibemit2qyrimbbb6lhpm6n5ihgallom5lhdyd.onion/08deb1f2411fcdd93d524213ee3063b9719716e6813e886cb80f21df4a0d3ad5
Extracted
C:\Help Restore Your Files.txt
recover300dollars@gmail.com
3JG36KY6abZTnHBdQCon1hheC3Wa2bdyqs
Targets
-
-
Target
0099963e7285aeafc09e4214a45a6a210253d514cbd0d4b0c3997647a0afe879
-
Size
79KB
-
MD5
e3dd1eb73e602ea95ad3e325d846d37c
-
SHA1
a0a4fb4a58f663d2ff12d6efac1b07b63eb03e28
-
SHA256
0099963e7285aeafc09e4214a45a6a210253d514cbd0d4b0c3997647a0afe879
-
SHA512
0bac92222143f699a5c01403b6aeefdc8b05fa73928186bee9e8a63d8f9da7486b5e4a5720bade9be17e884f8ef651e3f0bbb0c556b33e330f8788832d22a639
Score9/10-
Deletes shadow copies
Ransomware often targets backup files to inhibit system recovery.
-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
-
-
Target
028facff67136de55fe200177a190da625c8e1713b4e7d95bf5fc5412a5afffc
-
Size
79KB
-
MD5
eb9e0b14e2235af24eeee881892fc825
-
SHA1
3fb00aa10ccfaedfd29f8b01ef6ef4434d260eb9
-
SHA256
028facff67136de55fe200177a190da625c8e1713b4e7d95bf5fc5412a5afffc
-
SHA512
c341517ba090bf530bd1324758644c8d6d2e488912bae19e0b066d508f3e37845ca8b39e5ee86fe75b22126d5d4bcb4957f58e02360c2606f9c0278382238c0a
Score10/10-
Babuk Locker
RaaS first seen in 2021 initially called Vasa Locker.
-
Deletes shadow copies
Ransomware often targets backup files to inhibit system recovery.
-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
-
-
Target
0294114d5f411b6c47eb255d4ed6865df99d1c5252f4f585aabf44e6cbacaa59
-
Size
79KB
-
MD5
d3c83232b0e85485724c4029e8b93dc1
-
SHA1
2cfe3762a2e0c7e9a15bd617e693076f47d84028
-
SHA256
0294114d5f411b6c47eb255d4ed6865df99d1c5252f4f585aabf44e6cbacaa59
-
SHA512
07d83a9b09452eab085bec3819a1bd5353e2364c134cf87fe0c1a6770ed447d32cb954c98337ca6121fce2db1dff05a5ea5518239f4bb02ca50dabee02cab490
Score10/10-
Babuk Locker
RaaS first seen in 2021 initially called Vasa Locker.
-
Deletes shadow copies
Ransomware often targets backup files to inhibit system recovery.
-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
-
-
Target
02e9883501635da9b501e715bb827a0b9d0c265991f1263f073eb6c5d9b335c3
-
Size
79KB
-
MD5
c7ec4e7022f26949ed39033616efe894
-
SHA1
0e4da1fa8b3bc8b2f410cfd7230b9fc70dc10670
-
SHA256
02e9883501635da9b501e715bb827a0b9d0c265991f1263f073eb6c5d9b335c3
-
SHA512
04976b2e50e5f7f7a067b0dc07072f22c607d8ae6c33b4ec4e65a851b71bef939725f29fdeaa7a943033a9aa6b5f9a09f1d029860a0dbd6184be768754982aff
Score9/10-
Deletes shadow copies
Ransomware often targets backup files to inhibit system recovery.
-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
-
-
Target
03110baa5aad9d01610293f2b8cd21b44cc7efa0a465e677d6b3f92510a4b1d7
-
Size
79KB
-
MD5
1dbd0abfdd692d5939f2aa201674d870
-
SHA1
5a8d3472a642eb62cfde5e4db469c62422b16792
-
SHA256
03110baa5aad9d01610293f2b8cd21b44cc7efa0a465e677d6b3f92510a4b1d7
-
SHA512
ad1398d865cda6c009cfab67901fcb7f2928a5b7dfd8cdc0a892bb6f1ec62f8d492f1f3a59277afac2251ebe2069a243b66d57754629290bbf68791f586c7311
Score10/10-
Babuk Locker
RaaS first seen in 2021 initially called Vasa Locker.
-
Deletes shadow copies
Ransomware often targets backup files to inhibit system recovery.
-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
-
-
Target
0b93a024b5d6874d7bb69abd7f0e2d54a67c602584575a9b6d1212baae81442f
-
Size
79KB
-
MD5
2245c35306910a280961d356e4b5ab94
-
SHA1
0ca5cc08a4f5226332d2ce49a9131216ac32bec2
-
SHA256
0b93a024b5d6874d7bb69abd7f0e2d54a67c602584575a9b6d1212baae81442f
-
SHA512
09342308aebf1f5bcf494904b00eba2df9faa75c1d884dd8f2e706e4429905244e269bedc28c71d692348a87a257a4b00b12aa79e9a9b7f7498a441a73344ac4
Score10/10-
Babuk Locker
RaaS first seen in 2021 initially called Vasa Locker.
-
Deletes shadow copies
Ransomware often targets backup files to inhibit system recovery.
-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
-
-
Target
12c561ac827c3f79afff026b0b1d3ddec7c4b591946e2b794a4d00c423b1c8f8
-
Size
79KB
-
MD5
4b4ed15014cad303edf6ceafedb3d594
-
SHA1
bc327c544d5cdce1b7112a6ab389a14a803fa2dc
-
SHA256
12c561ac827c3f79afff026b0b1d3ddec7c4b591946e2b794a4d00c423b1c8f8
-
SHA512
bc35af57a4798b7b8490ceb2a74fda06c866a4e0854b3a754fd81cfd2bf8319aedc6da5f9d9ec5caac835f2ddd37a508e9fc8a5748344928c4ace19af9ed133d
Score10/10-
Deletes shadow copies
Ransomware often targets backup files to inhibit system recovery.
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
-
-
Target
15656e1825383c4749fadcc46f9825df6262ca2f1f98d895d64c840febe3d9d3
-
Size
79KB
-
MD5
075951011cd90b9d7b202d7aa45fda8e
-
SHA1
19043c94c4b99ccd26aeed37236e534cf15a37ef
-
SHA256
15656e1825383c4749fadcc46f9825df6262ca2f1f98d895d64c840febe3d9d3
-
SHA512
e782c80568a7424eabf2f725d90ecc861dd5d23f31812227e3bb1b00897f659c864e38d768359dcb6965012f5dd4da2cc37bad28a071cabce9e77317f717ad84
Score10/10-
Babuk Locker
RaaS first seen in 2021 initially called Vasa Locker.
-
Deletes shadow copies
Ransomware often targets backup files to inhibit system recovery.
-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
-
-
Target
18e282e6806903ff00a78b91f6d0ad1bc3aae4b4846d6a5705c036a88138605f
-
Size
79KB
-
MD5
e749820eb5214ce88ab2e6a109a2a31c
-
SHA1
fb971681274419d82692085d7c8391c61fd0ba3a
-
SHA256
18e282e6806903ff00a78b91f6d0ad1bc3aae4b4846d6a5705c036a88138605f
-
SHA512
056e4f0f20c853fbad054987340a0519d3f960e8255b47f1a8923acc7515fdc2637bbb43a6eac8485eea5e5b1e5310317c2dfc6cf11a5cef70cb90d42babc8c3
Score10/10-
Babuk Locker
RaaS first seen in 2021 initially called Vasa Locker.
-
Deletes shadow copies
Ransomware often targets backup files to inhibit system recovery.
-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
-
-
Target
1ab45a508da655ef755ad4394f869c664f664b3ac111875704a583e9485f2238
-
Size
79KB
-
MD5
ad44e77dff1efa05b990292b35f56b11
-
SHA1
f7d3fabf0f901908bb29aaa8dd13baded4c408f0
-
SHA256
1ab45a508da655ef755ad4394f869c664f664b3ac111875704a583e9485f2238
-
SHA512
4bb500bcb9004e2dd1096ff664ab7e511d13ea1ce5a78fe39ce8e48eab4e2ed91a81823c449282caddc29ab06309927b3dece508fe606b8c6376ea88910e7e3f
Score10/10-
Babuk Locker
RaaS first seen in 2021 initially called Vasa Locker.
-
Deletes shadow copies
Ransomware often targets backup files to inhibit system recovery.
-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
-
-
Target
1d40f42fa328a9a6192d4fa8c6e5ce6f813ea9132774784521713b202d772994
-
Size
79KB
-
MD5
38bf2b92a281f885e964a549575a5804
-
SHA1
0150c32d9de1fc49e8a2cd80031c561748e8cca7
-
SHA256
1d40f42fa328a9a6192d4fa8c6e5ce6f813ea9132774784521713b202d772994
-
SHA512
99464b0867a297877eb88e0e322de1d4d613f75a2a420ea573e89a1798580f32ea0faac65752114223ff0ab684ae46fe4b0fcb629beb48077a949fac1ffe7d76
Score10/10-
Babuk Locker
RaaS first seen in 2021 initially called Vasa Locker.
-
Deletes shadow copies
Ransomware often targets backup files to inhibit system recovery.
-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
-
-
Target
1deb1efad2c469198aabbb618285e2229052273cf654ee5925c2540ded224402
-
Size
79KB
-
MD5
d24e9b0c3a81e884e14596d6047e31be
-
SHA1
0557ae0a95e11e10fe9a33742f8b258b35c0aae6
-
SHA256
1deb1efad2c469198aabbb618285e2229052273cf654ee5925c2540ded224402
-
SHA512
5f9cfaf495d186c599ffe8fd63b7bf1c775313e38f0397f4f422d0944cfabf1c497b8cf81514d2a5d1ed2631d00f9356d8013fd90efea1bb29d17d7bae2a2ccd
Score10/10-
Babuk Locker
RaaS first seen in 2021 initially called Vasa Locker.
-
Deletes shadow copies
Ransomware often targets backup files to inhibit system recovery.
-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
-
-
Target
1e24560100d010c27cc19c59f9fe1531e4286ecb21fe53763165f30c5f58dc90
-
Size
79KB
-
MD5
92832ae49373b56748817cb5398ed706
-
SHA1
61e4505d605882b809d9c7f3dcbf163ff1678382
-
SHA256
1e24560100d010c27cc19c59f9fe1531e4286ecb21fe53763165f30c5f58dc90
-
SHA512
398ef0e5ffb6f914a2d1df23f12561153ef52ea28d345232cbb2daa84c43d1f1934be0c40d00b2502c2437c2733d0cdf75d24be6a8b47fc69648ad16c0bb4858
Score10/10-
Babuk Locker
RaaS first seen in 2021 initially called Vasa Locker.
-
Deletes shadow copies
Ransomware often targets backup files to inhibit system recovery.
-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
-
-
Target
63b6a51be736d253e26011f19bd16006d7093839b345363ef238eafcfe5e7e85
-
Size
25KB
-
MD5
a22ca06bb3a58d4ca2bca856434b96f3
-
SHA1
4a12e232b2442746334ef5d94fab4c3577b33de7
-
SHA256
63b6a51be736d253e26011f19bd16006d7093839b345363ef238eafcfe5e7e85
-
SHA512
e0f22e150d52b22a2033a4e9a8f99f2d17a2eb496d039b11ef217a94c711f51db4f5b07d941335ace99c10d824fc547494b2b3ee2458c8239853d4780fe283c1
Score10/10-
Deletes shadow copies
Ransomware often targets backup files to inhibit system recovery.
-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-