General

  • Target

    2024-01-30_dde253fbf823011af1961649e16e218c_babuk_destroyer

  • Size

    79KB

  • Sample

    240130-prgg9ahcbn

  • MD5

    dde253fbf823011af1961649e16e218c

  • SHA1

    a725eac8b1e7487078dd79bac03b635fb658a511

  • SHA256

    ff78e9706891818a3db5ef3f46f107250f59bff43276d72e77eb4ec9d26e0e66

  • SHA512

    27f50866d9bd67b5859d0d7589a996b0ef0d131dea54b62d4e34c71200751739cba64257fe4cdc15ca86f52e3e017172b95b3290a1b6b76cb38c7ee46e5f9b77

  • SSDEEP

    1536:UmkWBeG/vEbmsrQLOJgY8ZZP8LHD4XWaNH71dLdG1iiFM2iG2nsf:HBeQsmsrQLOJgY8Zp8LHD4XWaNH71dLc

Score
10/10

Malware Config

Targets

    • Target

      2024-01-30_dde253fbf823011af1961649e16e218c_babuk_destroyer

    • Size

      79KB

    • MD5

      dde253fbf823011af1961649e16e218c

    • SHA1

      a725eac8b1e7487078dd79bac03b635fb658a511

    • SHA256

      ff78e9706891818a3db5ef3f46f107250f59bff43276d72e77eb4ec9d26e0e66

    • SHA512

      27f50866d9bd67b5859d0d7589a996b0ef0d131dea54b62d4e34c71200751739cba64257fe4cdc15ca86f52e3e017172b95b3290a1b6b76cb38c7ee46e5f9b77

    • SSDEEP

      1536:UmkWBeG/vEbmsrQLOJgY8ZZP8LHD4XWaNH71dLdG1iiFM2iG2nsf:HBeQsmsrQLOJgY8Zp8LHD4XWaNH71dLc

    Score
    10/10
    • Babuk Locker

      RaaS first seen in 2021 initially called Vasa Locker.

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

    • Renames multiple (191) files with added filename extension

      This suggests ransomware activity of encrypting all the files on the system.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Enterprise v15

Tasks