babuk | adb10da10d9e2cc882bfadf2210a6cb2fdc62308470200401ffe869c01405995 | Triage

Submit
Reports

Overview

overview

Static

static

2024-04-19...er.exe

windows7-x64

2024-04-19...er.exe

windows10-2004-x64

Sharing

General

Target

2024-04-19_d5eaa5c4f55781bc3f161e7c583e45c4_babuk_destroyer
Size

79KB
Sample

240419-zt5yqsgc3y
MD5

d5eaa5c4f55781bc3f161e7c583e45c4
SHA1

d3796032c80f40cd7e1c6c8b5896ac8945c3eee1
SHA256

adb10da10d9e2cc882bfadf2210a6cb2fdc62308470200401ffe869c01405995
SHA512

5ae0af58d804e8f1ec624d1f4ea68a625d75373d14c73ea7ce8f0a988c0427a69138fa8ceeab978f7db3c246a44169fa33aa79107897c94b483cd657bde176ff
SSDEEP

1536:apoUyFydC/ZbtsrQLOJgY8ZZP8LHD4XWaNH71dLdG1iiFM2iG2ncf:1UyFydC/NtsrQLOJgY8Zp8LHD4XWaNHY

Score

10^/10

babuk ransomware

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

2024-04-19_d5eaa5c4f55781bc3f161e7c583e45c4_babuk_destroyer.exe

Resource

win7-20240221-en

babuk ransomware

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

2024-04-19_d5eaa5c4f55781bc3f161e7c583e45c4_babuk_destroyer.exe

Resource

win10v2004-20240412-en

babuk ransomware

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Targets

- Target
  
  2024-04-19_d5eaa5c4f55781bc3f161e7c583e45c4_babuk_destroyer
- Size
  
  79KB
- MD5
  
  d5eaa5c4f55781bc3f161e7c583e45c4
- SHA1
  
  d3796032c80f40cd7e1c6c8b5896ac8945c3eee1
- SHA256
  
  adb10da10d9e2cc882bfadf2210a6cb2fdc62308470200401ffe869c01405995
- SHA512
  
  5ae0af58d804e8f1ec624d1f4ea68a625d75373d14c73ea7ce8f0a988c0427a69138fa8ceeab978f7db3c246a44169fa33aa79107897c94b483cd657bde176ff
- SSDEEP
  
  1536:apoUyFydC/ZbtsrQLOJgY8ZZP8LHD4XWaNH71dLdG1iiFM2iG2ncf:1UyFydC/NtsrQLOJgY8Zp8LHD4XWaNHY
Score

10^/10

babuk ransomware
- Babuk Locker
  RaaS first seen in 2021 initially called Vasa Locker.
  ransomware babuk
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Renames multiple (192) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Indicator Removal

File Deletion

Credential Access

Discovery

Query Registry

System Information Discovery

Peripheral Device Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Inhibit System Recovery

Resource Development

Reconnaissance

Tasks

static1

behavioral1

babukransomware

behavioral2

babukransomware

© 2018-2024

Terms | Privacy