babuk | 1d5f8c4e2cb635bb5cfb001dfd0db882b9eeea700f04a6b9cb1a934667b85368 | Triage

Submit
Reports

Overview

overview

Static

static

1d5f8c4e2c...68.exe

windows7-x64

1d5f8c4e2c...68.exe

windows10-2004-x64

Sharing

General

Target

1d5f8c4e2cb635bb5cfb001dfd0db882b9eeea700f04a6b9cb1a934667b85368.exe
Size

79KB
Sample

220929-lpxjxaada4
MD5

2cd19f67df6d9e1a42e9893e3813b459
SHA1

308b02416b9930bfc1d3fbbef9d184dcbf5714b4
SHA256

1d5f8c4e2cb635bb5cfb001dfd0db882b9eeea700f04a6b9cb1a934667b85368
SHA512

1b77d760ba626308fd67572189821b7c97bf619495da7bd063fe35ee5eceedfe08dfbee02b9d26381b23cdab848bcad27a56632b89a702bb9cac1e5026de5304
SSDEEP

1536:m6UhZM4hubesrQLOJgY8ZZP8LHD4XWaNH71dLdG1iiFM2iG2zs4:ghZ5YesrQLOJgY8Zp8LHD4XWaNH71dLI

Score

10^/10

babuk ransomware

Static task

static1

Behavioral task

behavioral1

Sample

1d5f8c4e2cb635bb5cfb001dfd0db882b9eeea700f04a6b9cb1a934667b85368.exe

Resource

win7-20220812-en

babuk ransomware

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

1d5f8c4e2cb635bb5cfb001dfd0db882b9eeea700f04a6b9cb1a934667b85368.exe

Resource

win10v2004-20220812-en

babuk ransomware

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Targets

- Target
  
  1d5f8c4e2cb635bb5cfb001dfd0db882b9eeea700f04a6b9cb1a934667b85368.exe
- Size
  
  79KB
- MD5
  
  2cd19f67df6d9e1a42e9893e3813b459
- SHA1
  
  308b02416b9930bfc1d3fbbef9d184dcbf5714b4
- SHA256
  
  1d5f8c4e2cb635bb5cfb001dfd0db882b9eeea700f04a6b9cb1a934667b85368
- SHA512
  
  1b77d760ba626308fd67572189821b7c97bf619495da7bd063fe35ee5eceedfe08dfbee02b9d26381b23cdab848bcad27a56632b89a702bb9cac1e5026de5304
- SSDEEP
  
  1536:m6UhZM4hubesrQLOJgY8ZZP8LHD4XWaNH71dLdG1iiFM2iG2zs4:ghZ5YesrQLOJgY8Zp8LHD4XWaNH71dLI
Score

10^/10

babuk ransomware
- Babuk Locker
  RaaS first seen in 2021 initially called Vasa Locker.
  ransomware babuk
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
  ransomware
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File Deletion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Inhibit System Recovery

Tasks

static1

behavioral1

babukransomware

behavioral2

babukransomware

© 2018-2024

Terms | Privacy