General
-
Target
2024-09-04_535d7581519e1a575b54ed9b10a22f9e_babuk_destroyer
-
Size
79KB
-
Sample
240904-aymwaa1ekn
-
MD5
535d7581519e1a575b54ed9b10a22f9e
-
SHA1
9d6092b82c80880dabe6e01608a68b655aef3ce5
-
SHA256
ab5f9ab8a8072142d4b6ffcfdf50442cc729f67ce327b6afc73d7dbc51c49520
-
SHA512
5672a1d5395158ba0d2032688e4bb571ac0d7c53bbb462891f807df430478b7412fe7e980c26020b2642caf490a34a4430012a6d03bd4c849e44298f9760666b
-
SSDEEP
1536:PJkWBeGovEb+srQLOJgY8ZZP8LHD4XWaNH71dLdG1iiFM2iG2vsf:DBeJs+srQLOJgY8Zp8LHD4XWaNH71dLE
Static task
static1
Behavioral task
behavioral1
Sample
2024-09-04_535d7581519e1a575b54ed9b10a22f9e_babuk_destroyer.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
2024-09-04_535d7581519e1a575b54ed9b10a22f9e_babuk_destroyer.exe
Resource
win10v2004-20240802-en
Malware Config
Targets
-
-
Target
2024-09-04_535d7581519e1a575b54ed9b10a22f9e_babuk_destroyer
-
Size
79KB
-
MD5
535d7581519e1a575b54ed9b10a22f9e
-
SHA1
9d6092b82c80880dabe6e01608a68b655aef3ce5
-
SHA256
ab5f9ab8a8072142d4b6ffcfdf50442cc729f67ce327b6afc73d7dbc51c49520
-
SHA512
5672a1d5395158ba0d2032688e4bb571ac0d7c53bbb462891f807df430478b7412fe7e980c26020b2642caf490a34a4430012a6d03bd4c849e44298f9760666b
-
SSDEEP
1536:PJkWBeGovEb+srQLOJgY8ZZP8LHD4XWaNH71dLdG1iiFM2iG2vsf:DBeJs+srQLOJgY8Zp8LHD4XWaNH71dLE
-
Deletes shadow copies
Ransomware often targets backup files to inhibit system recovery.
-
Renames multiple (192) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-