Extracted

• • Target

    e69149c02a0f24731559d5bec3c1bdbe916cd2829751025845fe48ea01966b82.bin

  • Size

    410KB

  • MD5

    4dc689389054b8aae01c162fb7fec051

  • SHA1

    fd4356fd980f837a813515321fe5f54d5625258b

  • SHA256

    e69149c02a0f24731559d5bec3c1bdbe916cd2829751025845fe48ea01966b82

  • SHA512

    e924f802421f24447ace77bce1ff7f24f11ea852ae00cc624d17bec6f6e675eb258923cd7897f5307c3346b1f08d9cea978dd980344c8905b14b1b88631895c1

  Score

  10^/10

  babukransomware

  • Babuk Locker

    RaaS first seen in 2021 initially called Vasa Locker.

    ransomwarebabuk

  • Deletes shadow copies

    Ransomware often targets backup files to inhibit system recovery.

    ransomware

  • Executes dropped EXE

  • Modifies extensions of user files

    Ransomware generally changes the extension on encrypted files.

    ransomware

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Loads dropped DLL

  • Enumerates connected drives

    Attempts to read the root path of hard drives other than the default C: drive.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2