Overview
Task, platform: score
overview: 10
static: 1
Desktop.zip, windows7-x64: 1
Desktop.zip, windows10-2004-x64: 1
babyk/babyk.exe, windows7-x64: 10
babyk/babyk.exe, windows10-2004-x64: 10
babyk/builder.exe, windows7-x64: 1
babyk/builder.exe, windows10-2004-x64: 1
babyk/decryptor.exe, windows7-x64: 3
babyk/decryptor.exe, windows10-2004-x64: 3
conti/decryptor.exe, windows7-x64: 1
conti/decryptor.exe, windows10-2004-x64: 1
conti/locker.exe, windows7-x64: 7
conti/locker.exe, windows10-2004-x64: 7
Analysis
- max time kernel: 31s
- max time network: 33s
- platform: windows7_x64
- resource: win7-20230220-en
- resource tags: arch:x64, arch:x86, image:win7-20230220-en, locale:en-us, os:windows7-x64, system
- submitted: 11-03-2023 13:56
Static task: static1
Behavioral task behavioral1: Sample Desktop.zip, Resource win7-20230220-en
Behavioral task behavioral2: Sample Desktop.zip, Resource win10v2004-20230220-en
Behavioral task behavioral3: Sample babyk/babyk.exe, Resource win7-20230220-en
Behavioral task behavioral4: Sample babyk/babyk.exe, Resource win10v2004-20230220-en
Behavioral task behavioral5: Sample babyk/builder.exe, Resource win7-20230220-en
Behavioral task behavioral6: Sample babyk/builder.exe, Resource win10v2004-20230220-en
Behavioral task behavioral7: Sample babyk/decryptor.exe, Resource win7-20230220-en
Behavioral task behavioral8: Sample babyk/decryptor.exe, Resource win10v2004-20230220-en
Behavioral task behavioral9: Sample conti/decryptor.exe, Resource win7-20230220-en
Behavioral task behavioral10: Sample conti/decryptor.exe, Resource win10v2004-20230220-en
Behavioral task behavioral11: Sample conti/locker.exe, Resource win7-20230220-en
General
- Target: babyk/decryptor.exe
- Size: 69KB
- MD5: e1b2cfa88cc03d30a6f6268b72babbc4
- SHA1: f75c083f9fef28ca9cd5d05c9172dc44477712d6
- SHA256: 4192105a7de1145b81bf2debf8940f3d3afe02f8237d57fbeaf108179b922f35
- SHA512: 2ac7011bb28a1cd53d6ff793923f0b9879b830154e9a0dd1c86406e1fd33507398b4575ffc11df08e6c27305e2ca69022594dc711a83a4f6c75f760f0ab495c2
- SSDEEP: 1536:Ei6+W1BBsrQLOJgY8ZZP8LHD4XWaNH71dLdG1iiFM2iG2wARxYTs88:y+WhsrQLOJgY8Zp8LHD4XWaNH71dLdGo
Malware Config
Signatures
- Enumerates physical storage devices (1 TTPs): Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.