General

  • Target

    2024-10-08_68bf1085ec802285100f41623f72ba09_babuk_destroyer

  • Size

    79KB

  • Sample

    241008-hqz5mstgrr

  • MD5

    68bf1085ec802285100f41623f72ba09

  • SHA1

    e7de2444870a0c7abbd518861a5091ce005c2de5

  • SHA256

    ce834c286e0f09e631cee4fb2a79460c5b51a4b5ff1fd37d199293f4601f5ea1

  • SHA512

    b80697efeae5826726beda947c1b1dffc2cbfc061834e070e8c9a43c79ecbeb130eca54ad9caf0296d6e40d6700cbdd061460a4f60f1928398e1594292148523

  • SSDEEP

    1536:m6UhZM4hubesrQLOJgY8ZZP8LHD4XWaNH71dLdG1iiFM2iG2zs4:ghZ5YesrQLOJgY8Zp8LHD4XWaNH71dLI

Targets

    • Babuk Locker

      RaaS first seen in 2021, initially called Vasa Locker.

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

    • Renames multiple (211) files with added filename extension

      This suggests ransomware activity: encrypting all the files on the system.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.
