General
-
Target
315d992d260498b9757bfedf95e8dec79f934c5e0139c696d5ba581508921a68
-
Size
79KB
-
Sample
221207-m4rgwaae77
-
MD5
42f5327e3e5a4b238ec51ce0fa5f2e33
-
SHA1
64a39bd9b347a99d9d9bfc54c145ffb076082c26
-
SHA256
315d992d260498b9757bfedf95e8dec79f934c5e0139c696d5ba581508921a68
-
SHA512
528d652bd1900b9e979352f7e4707c0f82fea3260147d3d67cad6bb03b1afa5c95a8b83b820ccacd20c4c93481b0afd4fc73d9dafb6c1beaa7f0ef653e818589
-
SSDEEP
1536:96UhZM4hubesrQLOJgY8ZZP8LHD4XWaNH71dLdG1iiFM2iG2zs4:ZhZ5YesrQLOJgY8Zp8LHD4XWaNH71dLI
Malware Config
Targets
-
-
Target
315d992d260498b9757bfedf95e8dec79f934c5e0139c696d5ba581508921a68
-
Size
79KB
-
MD5
42f5327e3e5a4b238ec51ce0fa5f2e33
-
SHA1
64a39bd9b347a99d9d9bfc54c145ffb076082c26
-
SHA256
315d992d260498b9757bfedf95e8dec79f934c5e0139c696d5ba581508921a68
-
SHA512
528d652bd1900b9e979352f7e4707c0f82fea3260147d3d67cad6bb03b1afa5c95a8b83b820ccacd20c4c93481b0afd4fc73d9dafb6c1beaa7f0ef653e818589
-
SSDEEP
1536:96UhZM4hubesrQLOJgY8ZZP8LHD4XWaNH71dLdG1iiFM2iG2zs4:ZhZ5YesrQLOJgY8Zp8LHD4XWaNH71dLI
Score10/10-
Babuk Locker
RaaS first seen in 2021 initially called Vasa Locker.
-
Deletes shadow copies
Ransomware often targets backup files to inhibit system recovery.
-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-