Overview

overview

10

Static

static

1

URLScan

urlscan

1

https://bazaar.abuse...

windows10-2004-x64

10

Resubmissions

05-11-2024 04:41

241105-fa9m2axlfp 10

05-11-2024 04:38

241105-e9f94avcnc 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    https://bazaar.abuse.ch/download/79a67070f0fbff66cb39f3dadd3e3565b1b1b98ed9e079562aabd90d10ad75ac/

  • Sample

    241105-fa9m2axlfp

Score
10/10
babukdefense_evasiondiscoveryexecutionimpactpyinstallerransomware

Malware Config

Targets

    • Target

      https://bazaar.abuse.ch/download/79a67070f0fbff66cb39f3dadd3e3565b1b1b98ed9e079562aabd90d10ad75ac/

    Score
    10/10
    babukdefense_evasiondiscoveryexecutionimpactpyinstallerransomware

    • Babuk Locker

      RaaS first seen in 2021 initially called Vasa Locker.

      ransomwarebabuk

    • Babuk family

      babuk

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

      ransomwaredefense_evasionimpactexecution

    • Renames multiple (187) files with added filename extension

      This suggests ransomware activity of encrypting all the files on the system.

      ransomware

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    behavioral1

MITRE ATT&CK Enterprise v15

Tasks