General
Target: 0f3df6ef2a93f1a2a7265293bd7ce8b6_babuk_destroyer_JC.exe
Size: 78KB
Sample: 230816-xktg8sdc47
MD5: 0f3df6ef2a93f1a2a7265293bd7ce8b6
SHA1: 38d58c66ec0d18d333b885e2b4aa788c7a22e384
SHA256: cba23155d05b468264b2724cdbd198c2724bab46426018c3342adae25d6e2b1d
SHA512: d8700914a4e1f516b9a3d7a7d0e61ed3564230a9676e1a2bee04d1396aea5bb45ded5cfad9b7814133f500012961b58058d1446cc9884c62b482977df9ea881a
SSDEEP: 1536:RnphiBMAMnL+by+PGuMsrQLOJgY8ZZP8LHD4XWaNH71dLdG1iiFM2iG2es4:RnPiBMAqeyXBsrQLOJgY8Zp8LHD4XWah
Static task: static1

Behavioral task: behavioral1
Sample: 0f3df6ef2a93f1a2a7265293bd7ce8b6_babuk_destroyer_JC.exe
Resource: win7-20230712-en

Behavioral task: behavioral2
Sample: 0f3df6ef2a93f1a2a7265293bd7ce8b6_babuk_destroyer_JC.exe
Resource: win10v2004-20230703-en
Malware Config
Extracted
C:\Recovery\909558a2-20ee-11ee-b7b1-d66763f08456\How To Restore Your Files.txt
http://wavbeudogz6byhnardd2lkp2jafims3j7tj6k6qnywchn2csngvtffqd.onion/
http://os3xs2l3ftdqeuhxyuo4e6ymxvknp3gx6abordkcjde4coe37k66xyid.onion/4ee7ff7421bcb2ab35c523623ce11174c037e7db0562578b8a245630fc16a047
Targets
Target: 0f3df6ef2a93f1a2a7265293bd7ce8b6_babuk_destroyer_JC.exe
Size: 78KB
Score: 10/10

Renames multiple (181) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.

Renames multiple (213) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.

Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.