MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 cbdc8fd073176c4e0328aff65147f37e5d46847de62508e7a3cf12f49a40b799. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Babuk

Vendor detections: 9

SHA256 hash: cbdc8fd073176c4e0328aff65147f37e5d46847de62508e7a3cf12f49a40b799
SHA3-384 hash: 2ebd394c079cde60354a46e4cf91fe10f053a11755bacabd40317bf907475bca12b747ecaa85a89b6ea7c1045c093a30
SHA1 hash: 730417848eaf82434e56e14b4bf9a89b510052d8
MD5 hash: cdef2e8636422621b2e5350c889be2a5
humanhash: autumn-utah-solar-low
File name: dttcodexgigas.exe
Signature: Babuk
File size: 71'680 bytes
First seen: 2021-03-28 23:32:35 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 12c24b5c3cfb06397403d3a368a47ee3 (1 x Babuk)
ssdeep: 1536:y/iUeTD0DsbEmDx1xhiBsrQLOJgY8ZZP8LHD4XWaNH71dLdG1iiFM2iG2hyqM8EI:yaUeTD0gbrDx1xusrQLOJgY8Zp8LHD4D
Threatray: 8 similar samples on MalwareBazaar
TLSH: F96383116B45E6B6D5911130811BF1B6C23A197003F2A267A7C11BBFFB256B8E27DF23
Reporter: FirehaK
Tags: Babuk, babyk, Decryptor, Ransomware

Intelligence

File Origin
# of uploads: 1
# of downloads: 427
Origin country: n/a

Vendor Threat Intelligence
Malware family: n/a
ID: 1
File name: dttcodexgigas.exe
Verdict: No threats detected
Analysis date: 2021-03-28 23:36:05 UTC
Tags: n/a

Note: ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Result
Verdict: Clean
Maliciousness:
Behaviour
Launching the default Windows debugger (dwwin.exe)
Sending a custom TCP request
Sending a UDP request

Result
Verdict: MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family: Babuk ransomware
Verdict: Malicious

Result
Threat name:
Detection: malicious
Classification: rans
Score: 60 / 100
Signature
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Yara detected Babuk Ransomware
Behaviour
Behavior Graph:
Threat name: Win32.Ransomware.Maze
Status: Malicious
First seen: 2021-03-28 20:36:29 UTC
AV detection: 20 of 48 (41.67%)
Threat level: 5/5

Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Program crash
Unpacked files
SHA256 hash: cbdc8fd073176c4e0328aff65147f37e5d46847de62508e7a3cf12f49a40b799
MD5 hash: cdef2e8636422621b2e5350c889be2a5
SHA1 hash: 730417848eaf82434e56e14b4bf9a89b510052d8
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: Babuk
Author: @_FirehaK <yara@firehak.com>
Description: Babuk / Babyk ransomware
Reference: http://chuongdong.com/reverse%20engineering/2021/01/03/BabukRansomware/

Rule name: Babuk_Decryptor
Author: @_FirehaK <yara@firehak.com>
Description: Decryptor for Babuk / Babyk ransomware
Reference: http://chuongdong.com/reverse%20engineering/2021/01/03/BabukRansomware/

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Comments