General
-
Target
2024-01-30_dde253fbf823011af1961649e16e218c_babuk_destroyer
-
Size
79KB
-
Sample
240130-prgg9ahcbn
-
MD5
dde253fbf823011af1961649e16e218c
-
SHA1
a725eac8b1e7487078dd79bac03b635fb658a511
-
SHA256
ff78e9706891818a3db5ef3f46f107250f59bff43276d72e77eb4ec9d26e0e66
-
SHA512
27f50866d9bd67b5859d0d7589a996b0ef0d131dea54b62d4e34c71200751739cba64257fe4cdc15ca86f52e3e017172b95b3290a1b6b76cb38c7ee46e5f9b77
-
SSDEEP
1536:UmkWBeG/vEbmsrQLOJgY8ZZP8LHD4XWaNH71dLdG1iiFM2iG2nsf:HBeQsmsrQLOJgY8Zp8LHD4XWaNH71dLc
Malware Config
Targets
-
-
Target
2024-01-30_dde253fbf823011af1961649e16e218c_babuk_destroyer
-
Size
79KB
-
MD5
dde253fbf823011af1961649e16e218c
-
SHA1
a725eac8b1e7487078dd79bac03b635fb658a511
-
SHA256
ff78e9706891818a3db5ef3f46f107250f59bff43276d72e77eb4ec9d26e0e66
-
SHA512
27f50866d9bd67b5859d0d7589a996b0ef0d131dea54b62d4e34c71200751739cba64257fe4cdc15ca86f52e3e017172b95b3290a1b6b76cb38c7ee46e5f9b77
-
SSDEEP
1536:UmkWBeG/vEbmsrQLOJgY8ZZP8LHD4XWaNH71dLdG1iiFM2iG2nsf:HBeQsmsrQLOJgY8Zp8LHD4XWaNH71dLc
Score10/10-
Babuk Locker
RaaS first seen in 2021 initially called Vasa Locker.
-
Deletes shadow copies
Ransomware often targets backup files to inhibit system recovery.
-
Renames multiple (191) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-