General

  • Target

    e_win.bin

  • Size

    79KB

  • Sample

    230310-xn7h9sgg6w

  • MD5

    3c070554f9b588ac31e317be5d5f5120

  • SHA1

    43ff7548df9f8597a4a0e8af82fb75ad622f6750

  • SHA256

    10843ab4b6e4c9592a31a72bc5f7ccfa48fd365e6fba1b100319f40125f8da6f

  • SHA512

    9eab16bd98efdb908902bc7303962dfa645248c411a407234ba03c7bd75cd8909cd41902e4a50847677d6e42c20a10e98cbb0d57f31a11f60d3eb05936ab334b

  • SSDEEP

    1536:m6UhZM4hubesrQLOJgY8ZZP8LHD4XWaNH71dLdG1iiFM2iG2zs4:ghZ5YesrQLOJgY8Zp8LHD4XWaNH71dLI

Score
10/10

Malware Config

Targets

    • Target

      e_win.bin

    • Size

      79KB

    • MD5

      3c070554f9b588ac31e317be5d5f5120

    • SHA1

      43ff7548df9f8597a4a0e8af82fb75ad622f6750

    • SHA256

      10843ab4b6e4c9592a31a72bc5f7ccfa48fd365e6fba1b100319f40125f8da6f

    • SHA512

      9eab16bd98efdb908902bc7303962dfa645248c411a407234ba03c7bd75cd8909cd41902e4a50847677d6e42c20a10e98cbb0d57f31a11f60d3eb05936ab334b

    • SSDEEP

      1536:m6UhZM4hubesrQLOJgY8ZZP8LHD4XWaNH71dLdG1iiFM2iG2zs4:ghZ5YesrQLOJgY8Zp8LHD4XWaNH71dLI

    Score
    10/10
    • Babuk Locker

      RaaS first seen in 2021 initially called Vasa Locker.

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

    • Modifies extensions of user files

      Ransomware generally changes the extension on encrypted files.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Enterprise v6

Tasks