Extracted

• • Target

    afcf265a1dcd9eab5aab270d48aa561e4ddeb71c05e32c857d3b809bb64c0430

  • Size

    38KB

  • MD5

    be76ed428523b9aefe706aeaa72bb6b2

  • SHA1

    b040f2bdee3999aad415396f9f79e43b2aa9452b

  • SHA256

    afcf265a1dcd9eab5aab270d48aa561e4ddeb71c05e32c857d3b809bb64c0430

  • SHA512

    d08870197e1234a8e7115fc8bc0a868841054a0f6d3153a9ad77dad1bb077da3c2af3bdeebf53c6304943a3169ef5ae4fde16ce0e45a421e9afc2b4041a07c5b

  Score

  10^/10

  babukransomware

  • Babuk Locker

    RaaS first seen in 2021 initially called Vasa Locker.

    ransomwarebabuk

  • Deletes shadow copies

    Ransomware often targets backup files to inhibit system recovery.

    ransomware

  • Modifies extensions of user files

    Ransomware generally changes the extension on encrypted files.

    ransomware

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Drops startup file

  • Enumerates connected drives

    Attempts to read the root path of hard drives other than the default C: drive.

  behavioral1behavioral2