General
Target: 2024-04-16_6e355963c0b8e2ac11f64477fc1f2ab1_babuk_destroyer
Size: 79KB
Sample: 240416-2bnylsec63
MD5: 6e355963c0b8e2ac11f64477fc1f2ab1
SHA1: f67e4271bd6acf8bd34df78e5e7eb2eb4771d05a
SHA256: cb2248a1d1e454db3e6d975e80a2f5f76b9d75cd29ed499fcd4c2f1db18d7db2
SHA512: 42bf607ff319e056bdfc496a043339c98c63f7fb08538de06e6d0a511c77eebb9bcf6341ad1e1cd08b9095fbf6feb0bac53edaa6fb8b4da2c9cc84f37928fd2d
SSDEEP: 1536:R6UhZM4hubesrQLOJgY8ZZP8LHD4XWaNH71dLdG1iiFM2iG2zs4F:9hZ5YesrQLOJgY8Zp8LHD4XWaNH71dL5
Static task: static1
Behavioral task: behavioral1
  Sample: 2024-04-16_6e355963c0b8e2ac11f64477fc1f2ab1_babuk_destroyer.exe
  Resource: win7-20240319-en
Behavioral task: behavioral2
  Sample: 2024-04-16_6e355963c0b8e2ac11f64477fc1f2ab1_babuk_destroyer.exe
  Resource: win10v2004-20240412-en
Malware Config
Extracted
  Path: C:\Recovery\_readme.txt
  Family: djvu
  URL: https://we.tl/t-eglcxvZv1s
Targets
Target: 2024-04-16_6e355963c0b8e2ac11f64477fc1f2ab1_babuk_destroyer
Score: 10/10
Renames multiple (204) files with added filename extension
  This suggests ransomware activity: encrypting all files on the system.
Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence check.
Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.