Resubmissions

06-11-2024 21:51

241106-1qlalaydkg 10

04-11-2024 21:29

241104-1bzvfaxkcs 10

04-11-2024 21:17

241104-z43lcsxejc 10

03-11-2024 21:29

241103-1byx5svelh 10

General

  • Target

    79a67070f0fbff66cb39f3dadd3e3565b1b1b98ed9e079562aabd90d10ad75ac.zip

  • Size

    11.8MB

  • Sample

    241104-z43lcsxejc

  • MD5

    6db006a488603a965fb7374a13371745

  • SHA1

    549694ef5294f4389feeab8a32fafa7cef3a2374

  • SHA256

    a41df9f000efd4e8286fdac8f793da281e4a58761e90c2c149d8ee126e23a6d4

  • SHA512

    40b52f5b49b957426a195d1a9b2e03dca1f92db01d2cc3934a8f5f4c723ff21d38cd2aec2112d3b7f18227a7ea05011891ac428feb5f8ac96b1c89f3afd8ebb7

  • SSDEEP

    196608:B4eJaz61K46JZmcyxUoN1NTkFIsMdqmdxKNMQtM4kF+AcmcCWS58yL8OaJd:BvQ9pDQnTRMmLKj0Fw3NCmd

Malware Config

Targets

    • Target

      79a67070f0fbff66cb39f3dadd3e3565b1b1b98ed9e079562aabd90d10ad75ac

    • Size

      12.0MB

    • MD5

      59d018958d77ee68568eac6250a4224e

    • SHA1

      a5ac1b794b33da74b7d587b04394721f7aa96d0f

    • SHA256

      79a67070f0fbff66cb39f3dadd3e3565b1b1b98ed9e079562aabd90d10ad75ac

    • SHA512

      5f285f3920463646a77487c9e0b1c46ebe950f779fafb524d6064aa280ba84c3119cd19c2b88f3011e20a7f7b70a1341103d42baca28f1781d8670bca8737881

    • SSDEEP

      393216:VobaG+ZUoC9EYeWJ8taL/d2otNCk2rszUXS:VMaG+Z7C9M+RJ2ontkXS

    • Babuk Locker

      RaaS first seen in 2021, initially called Vasa Locker.

    • Babuk family

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

    • Renames multiple (213) files with added filename extension

      This suggests ransomware activity, i.e. encryption of all the files on the system.

    • Executes dropped EXE

    • Loads dropped DLL

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Enterprise v15

Tasks
