Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

3_args_f_2..._1.exe

windows10-2004-x64

10

3_args_f_2..._1.exe

windows10-ltsc 2021-x64

10

Resubmissions

07/03/2025, 08:18

250307-j7nnlsxmv6 10

07/03/2025, 07:48

250307-jm45vsxkv9 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    3_args_f_2_multibabyk_ST_1.bin

  • Size

    87KB

  • Sample

    250307-j7nnlsxmv6

  • MD5

    9183aa0243debfb1c483f060986dab1b

  • SHA1

    206865709f3f5d286e7c6cfab4a8815517d10715

  • SHA256

    d359e7a2b94bda43505009956592645e4e96d801f326610aac15eb776b0bb155

  • SHA512

    10f9bc9ce7810b57adc52089313db7a35181151432a8250963179b3785e693827bf68d1716291612a831eeda96f906316a54935001cf279efd327e2f34d15ca1

  • SSDEEP

    1536:kcfdhe/yPhBg3AGmisrQLOJgY8ZZP8LHD4XWaNH71dLdG1iiFM2iG2CaE:Jhe/yPaJ/srQLOJgY8Zp8LHD4XWaNH7u

Score
10/10
babukdefense_evasiondiscoveryexecutionimpactransomware

Malware Config

Targets

    • Target

      3_args_f_2_multibabyk_ST_1.bin

    • Size

      87KB

    • MD5

      9183aa0243debfb1c483f060986dab1b

    • SHA1

      206865709f3f5d286e7c6cfab4a8815517d10715

    • SHA256

      d359e7a2b94bda43505009956592645e4e96d801f326610aac15eb776b0bb155

    • SHA512

      10f9bc9ce7810b57adc52089313db7a35181151432a8250963179b3785e693827bf68d1716291612a831eeda96f906316a54935001cf279efd327e2f34d15ca1

    • SSDEEP

      1536:kcfdhe/yPhBg3AGmisrQLOJgY8ZZP8LHD4XWaNH71dLdG1iiFM2iG2CaE:Jhe/yPaJ/srQLOJgY8Zp8LHD4XWaNH7u

    Score
    10/10
    babukdefense_evasiondiscoveryexecutionimpactransomware

    • Babuk Locker

      RaaS first seen in 2021 initially called Vasa Locker.

      ransomwarebabuk

    • Babuk family

      babuk

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

      ransomwaredefense_evasionimpactexecution

    • Renames multiple (172) files with added filename extension

      This suggests ransomware activity of encrypting all the files on the system.

      ransomware

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks