babuk | 37652b0c01d717b554c4871a5b3631cf304e54871e3a1f9514b14145a2031d80 | Triage

Submit
Reports

Overview

overview

Static

static

3

cryptolaemus

windows10-2004-x64

cryptolaemus

windows11-21h2-x64

Sharing

General

Target

37652b0c01d717b554c4871a5b3631cf304e54871e3a1f9514b14145a2031d80
Size

79KB
Sample

240512-xd7raaah9s
MD5

7deb707e7d264c73ce6b4dd905b6465d
SHA1

fc67274fb481cb02bf8bcb0e9139751e3f3a38cd
SHA256

37652b0c01d717b554c4871a5b3631cf304e54871e3a1f9514b14145a2031d80
SHA512

8663953e48319c6cb20e35c5eafae7605bd824db11d1e7ff552311e7a3180d306bcd27730456f2e9cdaa8a40128329c343b9e6ec0797966c2a5ba8c8e803744b
SSDEEP

1536:pOkWBeGPGEbmsrQLOJgY8ZZP8LHD4XWaNH71dLdG1iiFM2iG2nsf:8BeBsmsrQLOJgY8Zp8LHD4XWaNH71dLc

Score

10^/10

babuk defense_evasion execution impact ransomware

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

37652b0c01d717b554c4871a5b3631cf304e54871e3a1f9514b14145a2031d80.exe

Resource

win10v2004-20240508-en

babuk defense_evasion execution impact ransomware

windows10-2004-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

37652b0c01d717b554c4871a5b3631cf304e54871e3a1f9514b14145a2031d80.exe

Resource

win11-20240508-en

babuk defense_evasion execution impact ransomware

windows11-21h2-x64

10 signatures

150 seconds

Malware Config

Targets

- Target
  
  37652b0c01d717b554c4871a5b3631cf304e54871e3a1f9514b14145a2031d80
- Size
  
  79KB
- MD5
  
  7deb707e7d264c73ce6b4dd905b6465d
- SHA1
  
  fc67274fb481cb02bf8bcb0e9139751e3f3a38cd
- SHA256
  
  37652b0c01d717b554c4871a5b3631cf304e54871e3a1f9514b14145a2031d80
- SHA512
  
  8663953e48319c6cb20e35c5eafae7605bd824db11d1e7ff552311e7a3180d306bcd27730456f2e9cdaa8a40128329c343b9e6ec0797966c2a5ba8c8e803744b
- SSDEEP
  
  1536:pOkWBeGPGEbmsrQLOJgY8ZZP8LHD4XWaNH71dLdG1iiFM2iG2nsf:8BeBsmsrQLOJgY8Zp8LHD4XWaNH71dLc
Score

10^/10

babuk defense_evasion execution impact ransomware
- Babuk Locker
  RaaS first seen in 2021 initially called Vasa Locker.
  ransomware babuk
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware defense_evasion impact execution
- Renames multiple (175) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Windows Management Instrumentation

Persistence

Privilege Escalation

Defense Evasion

Indicator Removal

File Deletion

Credential Access

Discovery

Query Registry

System Information Discovery

Peripheral Device Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Inhibit System Recovery

Resource Development

Reconnaissance

Tasks

static1

behavioral1

babukdefense_evasionexecutionimpactransomware

behavioral2

babukdefense_evasionexecutionimpactransomware

© 2018-2024

Terms | Privacy