Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

10_queue_f..._1.exe

windows7-x64

10

10_queue_f..._1.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    10_queue_f_3_multibabyk_ST_1.bin

  • Size

    87KB

  • Sample

    250307-jq18dawxay

  • MD5

    d81bb664aedc6147c68ef73ba08f096b

  • SHA1

    e46b65dd5f553c55cb90626eeab818d2f3789135

  • SHA256

    805a59f4594f972ec53bc302e786bb1d74c488a769f785cfebf3c90d3352c228

  • SHA512

    ab519a7bc40264210e5201b889abae0cdbfecdde5e6db594057b32582cb54d30ddca6acd3b8b516d16b84d216f50b962abb48c20a0024f947c06f5747b450d3c

  • SSDEEP

    1536:lIRJMCUzAtXsrQLOJgY8ZZP8LHD4XWaNH71dLdG1iiFM2iG2NMkuQEoZF:4MCdpsrQLOJgY8Zp8LHD4XWaNH71dLdN

Score
10/10
babukdefense_evasiondiscoveryexecutionimpactransomware

Malware Config

Targets

    • Target

      10_queue_f_3_multibabyk_ST_1.bin

    • Size

      87KB

    • MD5

      d81bb664aedc6147c68ef73ba08f096b

    • SHA1

      e46b65dd5f553c55cb90626eeab818d2f3789135

    • SHA256

      805a59f4594f972ec53bc302e786bb1d74c488a769f785cfebf3c90d3352c228

    • SHA512

      ab519a7bc40264210e5201b889abae0cdbfecdde5e6db594057b32582cb54d30ddca6acd3b8b516d16b84d216f50b962abb48c20a0024f947c06f5747b450d3c

    • SSDEEP

      1536:lIRJMCUzAtXsrQLOJgY8ZZP8LHD4XWaNH71dLdG1iiFM2iG2NMkuQEoZF:4MCdpsrQLOJgY8Zp8LHD4XWaNH71dLdN

    Score
    10/10
    babukdefense_evasiondiscoveryexecutionimpactransomware

    • Babuk Locker

      RaaS first seen in 2021 initially called Vasa Locker.

      ransomwarebabuk

    • Babuk family

      babuk

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

      ransomwaredefense_evasionimpactexecution

    • Renames multiple (181) files with added filename extension

      This suggests ransomware activity of encrypting all the files on the system.

      ransomware

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks