babuk | 10843ab4b6e4c9592a31a72bc5f7ccfa48fd365e6fba1b100319f40125f8da6f | Triage

Submit
Reports

Overview

overview

Static

static

1

e_win.exe

windows7-x64

e_win.exe

windows10-2004-x64

Sharing

General

Target

e_win.bin
Size

79KB
Sample

230310-xn7h9sgg6w
MD5

3c070554f9b588ac31e317be5d5f5120
SHA1

43ff7548df9f8597a4a0e8af82fb75ad622f6750
SHA256

10843ab4b6e4c9592a31a72bc5f7ccfa48fd365e6fba1b100319f40125f8da6f
SHA512

9eab16bd98efdb908902bc7303962dfa645248c411a407234ba03c7bd75cd8909cd41902e4a50847677d6e42c20a10e98cbb0d57f31a11f60d3eb05936ab334b
SSDEEP

1536:m6UhZM4hubesrQLOJgY8ZZP8LHD4XWaNH71dLdG1iiFM2iG2zs4:ghZ5YesrQLOJgY8Zp8LHD4XWaNH71dLI

Score

10^/10

babuk ransomware

Static task

static1

Behavioral task

behavioral1

Sample

e_win.exe

Resource

win7-20230220-en

babuk ransomware

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

e_win.exe

Resource

win10v2004-20230220-en

babuk ransomware

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Targets

- Target
  
  e_win.bin
- Size
  
  79KB
- MD5
  
  3c070554f9b588ac31e317be5d5f5120
- SHA1
  
  43ff7548df9f8597a4a0e8af82fb75ad622f6750
- SHA256
  
  10843ab4b6e4c9592a31a72bc5f7ccfa48fd365e6fba1b100319f40125f8da6f
- SHA512
  
  9eab16bd98efdb908902bc7303962dfa645248c411a407234ba03c7bd75cd8909cd41902e4a50847677d6e42c20a10e98cbb0d57f31a11f60d3eb05936ab334b
- SSDEEP
  
  1536:m6UhZM4hubesrQLOJgY8ZZP8LHD4XWaNH71dLdG1iiFM2iG2zs4:ghZ5YesrQLOJgY8Zp8LHD4XWaNH71dLI
Score

10^/10

babuk ransomware
- Babuk Locker
  RaaS first seen in 2021 initially called Vasa Locker.
  ransomware babuk
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
  ransomware
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File Deletion

Credential Access

Discovery

Query Registry

System Information Discovery

Peripheral Device Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Inhibit System Recovery

Tasks

static1

behavioral1

babukransomware

behavioral2

babukransomware

© 2018-2024

Terms | Privacy