Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

2025-02-26...er.exe

windows7-x64

10

2025-02-26...er.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2025-02-26_ac9855d588b1415c2d8c7bd5d83cf00c_babuk_destroyer

  • Size

    79KB

  • Sample

    250226-jlsenszjv9

  • MD5

    ac9855d588b1415c2d8c7bd5d83cf00c

  • SHA1

    c67386b8563aaa182d3bef4b683c1330a4fe84f2

  • SHA256

    1ee0514f19667ee09097843d95eed863d311e2887ba9910754eeeda29649948d

  • SHA512

    87563137f3a1310bc0bc8f5656d88714a2820e778bfe49294858443f1399c07e9631f653cf7078515595ef4c11f87c9e7b6872167b2bb4c0041b99040b79e6ce

  • SSDEEP

    1536:/SkWBeGPGEbmsrQLOJgY8ZZP8LHD4XWaNH71dLdG1iiFM2iG2nsf:GBeBsmsrQLOJgY8Zp8LHD4XWaNH71dLc

Score
10/10
babukdefense_evasiondiscoveryexecutionimpactransomware

Malware Config

Targets

    • Target

      2025-02-26_ac9855d588b1415c2d8c7bd5d83cf00c_babuk_destroyer

    • Size

      79KB

    • MD5

      ac9855d588b1415c2d8c7bd5d83cf00c

    • SHA1

      c67386b8563aaa182d3bef4b683c1330a4fe84f2

    • SHA256

      1ee0514f19667ee09097843d95eed863d311e2887ba9910754eeeda29649948d

    • SHA512

      87563137f3a1310bc0bc8f5656d88714a2820e778bfe49294858443f1399c07e9631f653cf7078515595ef4c11f87c9e7b6872167b2bb4c0041b99040b79e6ce

    • SSDEEP

      1536:/SkWBeGPGEbmsrQLOJgY8ZZP8LHD4XWaNH71dLdG1iiFM2iG2nsf:GBeBsmsrQLOJgY8Zp8LHD4XWaNH71dLc

    Score
    10/10
    babukdefense_evasiondiscoveryexecutionimpactransomware

    • Babuk Locker

      RaaS first seen in 2021 initially called Vasa Locker.

      ransomwarebabuk

    • Babuk family

      babuk

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

      ransomwaredefense_evasionimpactexecution

    • Renames multiple (200) files with added filename extension

      This suggests ransomware activity of encrypting all the files on the system.

      ransomware

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks