General

  • Target

    2024-09-04_cd80dc7644c812853899d925af527c5d_babuk_destroyer

  • Size

    79KB

  • Sample

    240904-a5q7aa1fqm

  • MD5

    cd80dc7644c812853899d925af527c5d

  • SHA1

    945a5ab18824be709dd5db3a8a1dc477396c3fe7

  • SHA256

    cb5e69c29c3e7d54245d3f32d8f4f153c9f6b6704c96c92bae513e28f01208de

  • SHA512

    d666f0fe3e00dd1a27cc83ebce0b030572fe52aa48c212efa94005cdff2264c97dbfde2c51a16f1823a0837d47f8a75633416ad71944ec2a128c143f8b1b3e0f

  • SSDEEP

    1536:PJkWBeGovEb+srQLOJgY8ZZP8LHD4XWaNH71dLdG1iiFM2iG2vsf0:DBeJs+srQLOJgY8Zp8LHD4XWaNH71dLH

Malware Config

Targets

    • Babuk Locker

      RaaS first seen in 2021, initially called Vasa Locker.

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

    • Renames multiple (197) files with added filename extension

      This suggests ransomware activity: encrypting all the files on the system.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Enterprise v15

Tasks