General

  • Target

    3_args_f_2_multibabyk_ST_2.bin

  • Size

    79KB

  • Sample

    250307-j6x6nawyfx

  • MD5

    e138a805298dd2a6d34cf2938d8365fb

  • SHA1

    597766c27925e736e64b44c04fb129d435a72e05

  • SHA256

    54df3c1e4ed32b0950b85d7d8c551768cc945f52c61752ead5c5db180462d761

  • SHA512

    c2c60e61a6df6fe525c240290755691e3d92ae31abc9f34994a0f80b024ca1f7741c8209373481c4efd0dc2e4ffc16cd5df33364d0569ee74015b20f9f1d691b

  • SSDEEP

    1536:0GPeWBeGPGEbOsrQLOJgY8ZZP8LHD4XWaNH71dLdG1iiFM2iG2nsf:RBeBsOsrQLOJgY8Zp8LHD4XWaNH71dLc

Malware Config

Targets

    • Babuk Locker

      RaaS first seen in 2021, initially called Vasa Locker.

    • Babuk family

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

    • Renames multiple (232) files with added filename extension

      This suggests ransomware activity of encrypting all the files on the system.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Enterprise v15

Tasks