General
-
Target
babuk
-
Size
79KB
-
Sample
220204-sxg8hsbhbr
-
MD5
92832ae49373b56748817cb5398ed706
-
SHA1
61e4505d605882b809d9c7f3dcbf163ff1678382
-
SHA256
1e24560100d010c27cc19c59f9fe1531e4286ecb21fe53763165f30c5f58dc90
-
SHA512
398ef0e5ffb6f914a2d1df23f12561153ef52ea28d345232cbb2daa84c43d1f1934be0c40d00b2502c2437c2733d0cdf75d24be6a8b47fc69648ad16c0bb4858
Static task
static1
Behavioral task
behavioral1
Sample
babuk.exe
Resource
win7-en-20211208
Behavioral task
behavioral2
Sample
babuk.exe
Resource
win10v2004-en-20220112
Malware Config
Targets
-
-
Target
babuk
-
Size
79KB
-
MD5
92832ae49373b56748817cb5398ed706
-
SHA1
61e4505d605882b809d9c7f3dcbf163ff1678382
-
SHA256
1e24560100d010c27cc19c59f9fe1531e4286ecb21fe53763165f30c5f58dc90
-
SHA512
398ef0e5ffb6f914a2d1df23f12561153ef52ea28d345232cbb2daa84c43d1f1934be0c40d00b2502c2437c2733d0cdf75d24be6a8b47fc69648ad16c0bb4858
Score10/10-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Sets service image path in registry
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-