General

  • Target

    3_args_f_2_multibabyk_ST_3.bin

  • Size

    79KB

  • Sample

    250307-kjhm5axscw

  • MD5

    e00b781226dd1ba7f3b663c83c421daa

  • SHA1

    8dae371749fd364d6e75ed2bb041a2c7e4494628

  • SHA256

    d1e7beeda2603476c7e89ef3dbf41b14b3ecf082ca8dcdf77809cafa3582eeb6

  • SHA512

    ace4b8c6918e96888e3f2e3bf40252c391d966790865fb3a98b0a4f14f14294f847b0dfdcd6444736b47873e946d36d9cdb1ab98f6d02592589f49a4eb123be2

  • SSDEEP

    1536:k7xvdRu8frEblsrQLOJgY8ZZP8LHD4XWaNH71dLdG1iiFM2iG2nsf:evdRuyslsrQLOJgY8Zp8LHD4XWaNH71i

Malware Config

Targets

    • Babuk Locker

      RaaS first seen in 2021, initially called Vasa Locker.

    • Babuk family

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

    • Renames multiple (204) files with added filename extension

      This suggests ransomware activity of encrypting all the files on the system.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Enterprise v15

Tasks