babuk | 4740ab354a836006d48c6af651852df436a1ed07e9ad4fa09c9aa6cd34fd68d4 | Triage

Submit
Reports

Overview

overview

Static

static

3

4740ab354a...d4.exe

windows7-x64

4740ab354a...d4.exe

windows10-2004-x64

Sharing

General

Target

4740ab354a836006d48c6af651852df436a1ed07e9ad4fa09c9aa6cd34fd68d4
Size

14KB
Sample

240528-fkfgyagd44
MD5

cf37b43fd1149f718c085c1926bacfd5
SHA1

dc68b780d86929b212d0bd6adb7f3aa1a06894f5
SHA256

4740ab354a836006d48c6af651852df436a1ed07e9ad4fa09c9aa6cd34fd68d4
SHA512

7f8696d8fa85946b487bd0793981a511a4673f433d847fe7f5a89794c1be76537a59980a386e79a70a7a78182f173b3304957f0890ae770cf0b23222851dd4f6
SSDEEP

384:W/B5q72Bxo/NmBsRvWfM326U8bt8/3AKQj:6B5G2BiVOs9uMS8bt8y

Score

10^/10

babuk defense_evasion execution impact ransomware

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

4740ab354a836006d48c6af651852df436a1ed07e9ad4fa09c9aa6cd34fd68d4.exe

Resource

win7-20240220-en

babuk defense_evasion execution impact ransomware

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

4740ab354a836006d48c6af651852df436a1ed07e9ad4fa09c9aa6cd34fd68d4.exe

Resource

win10v2004-20240426-en

babuk defense_evasion execution impact ransomware

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Targets

- Target
  
  4740ab354a836006d48c6af651852df436a1ed07e9ad4fa09c9aa6cd34fd68d4
- Size
  
  14KB
- MD5
  
  cf37b43fd1149f718c085c1926bacfd5
- SHA1
  
  dc68b780d86929b212d0bd6adb7f3aa1a06894f5
- SHA256
  
  4740ab354a836006d48c6af651852df436a1ed07e9ad4fa09c9aa6cd34fd68d4
- SHA512
  
  7f8696d8fa85946b487bd0793981a511a4673f433d847fe7f5a89794c1be76537a59980a386e79a70a7a78182f173b3304957f0890ae770cf0b23222851dd4f6
- SSDEEP
  
  384:W/B5q72Bxo/NmBsRvWfM326U8bt8/3AKQj:6B5G2BiVOs9uMS8bt8y
Score

10^/10

babuk defense_evasion execution impact ransomware
- Babuk Locker
  RaaS first seen in 2021 initially called Vasa Locker.
  ransomware babuk
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware defense_evasion impact execution
- Renames multiple (221) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Windows Management Instrumentation

Persistence

Privilege Escalation

Defense Evasion

Indicator Removal

File Deletion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Inhibit System Recovery

Tasks

static1

behavioral1

babukdefense_evasionexecutionimpactransomware

behavioral2

babukdefense_evasionexecutionimpactransomware

© 2018-2024

Terms | Privacy