General
-
Target
3c070554f9b588ac31e317be5d5f5120.bin
-
Size
27KB
-
Sample
230312-bkxzrseb2y
-
MD5
f9cdc254af440abda8f594a02752ec25
-
SHA1
d74028ec777ab71bcb8a83cf20674df06d8c3117
-
SHA256
68d4d787077eade09c8ada1ff6934aea6b74b2d9d980fe30676db008931ff539
-
SHA512
9f8165133c3d6ad91d98046e3758e5a04d09dbb1317bebc5ce1bc414e32093c232305b452577159edf359352a6ddbcde1fb27a11e457f36a0f59b1d85854cfce
-
SSDEEP
768:bOfGlJaMMW1b8xOUr1zlcduM4w++mBwTZBHAKNBHejVl7v/:bFJdXglMuMvTZB3NBUnD/
Malware Config
Targets
-
-
Target
10843ab4b6e4c9592a31a72bc5f7ccfa48fd365e6fba1b100319f40125f8da6f.exe
-
Size
79KB
-
MD5
3c070554f9b588ac31e317be5d5f5120
-
SHA1
43ff7548df9f8597a4a0e8af82fb75ad622f6750
-
SHA256
10843ab4b6e4c9592a31a72bc5f7ccfa48fd365e6fba1b100319f40125f8da6f
-
SHA512
9eab16bd98efdb908902bc7303962dfa645248c411a407234ba03c7bd75cd8909cd41902e4a50847677d6e42c20a10e98cbb0d57f31a11f60d3eb05936ab334b
-
SSDEEP
1536:m6UhZM4hubesrQLOJgY8ZZP8LHD4XWaNH71dLdG1iiFM2iG2zs4:ghZ5YesrQLOJgY8Zp8LHD4XWaNH71dLI
Score10/10-
Babuk Locker
RaaS first seen in 2021 initially called Vasa Locker.
-
Deletes shadow copies
Ransomware often targets backup files to inhibit system recovery.
-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-