General

  • Target

    2_args_f_1_multibabyk_ST_1.bin

  • Size

    86KB

  • Sample

    250307-jr7rjswxbw

  • MD5

    b222b2057c616f438c136f71965e69e5

  • SHA1

    61f5c7b2b9658d08cce2b4ef6ac9b7d9ef2a4f35

  • SHA256

    94522e180e9720da7ded0d8474467868fb2fef8bde85cc12b5e7a03b589b87c9

  • SHA512

    0d6e12fb69b9cf250f3f89b6f3e44b11ac5e6045215bb709cd01a5f5fa9eefdd65a38a534a2ce7b1886c2f6bfb0f960ec00c3dd6cc63957c3ae64475afe17876

  • SSDEEP

    1536:KVChe/yPhBg3AJsrQLOJgY8ZZP8LHD4XWaNH71dLdG1iiFM2iG2CNE:zhe/yPacsrQLOJgY8Zp8LHD4XWaNH71/

Malware Config

Targets

    • Target

      2_args_f_1_multibabyk_ST_1.bin

    • Babuk Locker

      RaaS first seen in 2021, initially called Vasa Locker.

    • Babuk family

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

    • Renames multiple (222) files with added filename extension

      This suggests ransomware activity: encrypting all the files on the system.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Enterprise v15

Tasks