General

  • Target

    ab8eee432fa636360b3c6724fe6851e9cf8eeae1ee9da6fc576bee1cd5d7fad2.exe

  • Size

    79KB

  • Sample

    221009-pxbtysghh5

  • MD5

    fa758e45dae3e8a7506f6b7663ccb4b4

  • SHA1

    ecdcc9bc595e93dfedbe26352d7a954a69d4a8ea

  • SHA256

    ab8eee432fa636360b3c6724fe6851e9cf8eeae1ee9da6fc576bee1cd5d7fad2

  • SHA512

    01598cfbde622afbc52ba17d406b459f4cb4c8db6a15eaa3f906eba9ea3ba920e61632383e35117c7c4fb1757c3aab9a291507228570b5cfdcac94de684cbe3c

  • SSDEEP

    1536:4pykWBeG/vEbmsrQLOJgY8ZZP8LHD4XWaNH71dLdG1iiFM2iG2nsf:ZBeQsmsrQLOJgY8Zp8LHD4XWaNH71dLc

Score
10/10

Malware Config

Extracted

Path

C:\How To Restore Your Files.txt

Ransom Note
What Happened to My Computer?
Your important files are encrypted. Many of your documents, photos, videos, databases and other files are no longer accessible because they have been encrypted. Maybe you are busy looking for a way to recover your files, but do not waste your time. Nobody can recover your files without our decryption service.

Can I Recover My Files?
Sure. We guarantee that you can recover all your files safely and easily. But you have not so enough time. You can decrypt some of your files for free. But if you want to decrypt all your files, you need to pay. You only have 3 days to submit the payment. After that the price will be doubled. Also, if you don't pay in 7 days, you won't be able to recover your files forever.

How Do I Pay?
Payment is accepted in Bitcoin only. Please check the current price of Bitcoin and buy some bitcoins. And send the correct amount to the address in this. Once the payment is checked, you can start decrypting your files immediately.

Contact
If you need our assistance, send a message by Telegram. We strongly recommend you to not remove this software, and disable your anti-virus for a while, until you pay and the payment gets processed. If your anti-virus gets updated and removes this software automatically, it will not be able to recover your files even if you pay!

Bitcoin address: bc1q5jcrkhupyahwqhqa8fjngftp6r4mz6r0wputkd
Amount: 10 bitcoin
Telegram: https://t.me/bbkte4m
URLs

https://t.me/bbkte4m

Targets

    • Babuk Locker

      Ransomware-as-a-service (RaaS) first seen in 2021, initially called Vasa Locker.

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

    • Modifies extensions of user files

      Ransomware generally changes the extension on encrypted files.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic           Technique                       ID      Count
  Defense Evasion  File Deletion                   T1107   2
  Discovery        Query Registry                  T1012   2
  Discovery        System Information Discovery    T1082   3
  Discovery        Peripheral Device Discovery     T1120   1
  Impact           Inhibit System Recovery         T1490   2
