Extracted

• • Target

    30fcff7add11ea6685a233c8ce1fc30abe67044630524a6eb363573a4a9f88b8.exe

  • Size

    31KB

  • MD5

    dd7f88a68a76acc0be9eb0515d54a82a

  • SHA1

    ca205a28b8dbd74c60fdeaf522804d5a2a45dd0b

  • SHA256

    30fcff7add11ea6685a233c8ce1fc30abe67044630524a6eb363573a4a9f88b8

  • SHA512

    8e99c1d3291dacaf13c7aff75549d50484b593022bdb82cb3ecffd58f0bbf1dd1ae4deeb09f072d4c3f1b8918a0bc785a397143863466975dad950e115db5af6

  • SSDEEP

    768:73QN4DGrqBLP977YowZe478mR26fgjVyBm8Je7tFv/7iJFzMWe:7gdoT93DaRXf5B+tFcJe

  Score

  10^/10

  babukcredential_accessdefense_evasiondiscoveryexecutionimpactransomwarestealerspyware

  • Babuk Locker

    RaaS first seen in 2021 initially called Vasa Locker.

    ransomwarebabuk

  • Deletes shadow copies

    Ransomware often targets backup files to inhibit system recovery.

    ransomwaredefense_evasionimpactexecution

  • Renames multiple (407) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Credentials from Password Stores: Windows Credential Manager

    Suspicious access to Credentials History.

    credential_accessstealer

  • Drops startup file

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Enumerates connected drives

    Attempts to read the root path of hard drives other than the default C: drive.

  behavioral1behavioral2