General

  • Target

    79a67070f0fbff66cb39f3dadd3e3565b1b1b98ed9e079562aabd90d10ad75ac.exe

  • Size

    12.0MB

  • Sample

    241104-c1nlps1hnl

  • MD5

    59d018958d77ee68568eac6250a4224e

  • SHA1

    a5ac1b794b33da74b7d587b04394721f7aa96d0f

  • SHA256

    79a67070f0fbff66cb39f3dadd3e3565b1b1b98ed9e079562aabd90d10ad75ac

  • SHA512

    5f285f3920463646a77487c9e0b1c46ebe950f779fafb524d6064aa280ba84c3119cd19c2b88f3011e20a7f7b70a1341103d42baca28f1781d8670bca8737881

  • SSDEEP

    393216:VobaG+ZUoC9EYeWJ8taL/d2otNCk2rszUXS:VMaG+Z7C9M+RJ2ontkXS

Malware Config

Targets

    • Target

      79a67070f0fbff66cb39f3dadd3e3565b1b1b98ed9e079562aabd90d10ad75ac.exe

    • Size

      12.0MB

    • MD5

      59d018958d77ee68568eac6250a4224e

    • SHA1

      a5ac1b794b33da74b7d587b04394721f7aa96d0f

    • SHA256

      79a67070f0fbff66cb39f3dadd3e3565b1b1b98ed9e079562aabd90d10ad75ac

    • SHA512

      5f285f3920463646a77487c9e0b1c46ebe950f779fafb524d6064aa280ba84c3119cd19c2b88f3011e20a7f7b70a1341103d42baca28f1781d8670bca8737881

    • SSDEEP

      393216:VobaG+ZUoC9EYeWJ8taL/d2otNCk2rszUXS:VMaG+Z7C9M+RJ2ontkXS

    • Babuk Locker

      RaaS first seen in 2021 initially called Vasa Locker.

    • Babuk family

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

    • Renames multiple (195) files with added filename extension

      This suggests ransomware activity of encrypting all the files on the system.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Enterprise v15

Tasks

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.