Babuk Locker Ransomware Sample Download
It ask user to contact them at their TOR for ransom demands and get the files back. The attackers usually demands from $60,000 to $85,000 in Bitcoins.
TOR Site Link
http://babukq4e2p4wu4iq.onion/login.php?id=8M60J4vCbbkKgM6QnA07E9qpkn0Qk7
Babuk Locker Ransomware Signatures
Family: Ransom:Win32/BabukLocker.MK!MTB MD5: e10713a4a5f635767dcd54d609bed977 SHA256: 8203c2f00ecd3ae960cb3247a7d7bfb35e55c38939607c85dbdb5c92f0495fa9
Babuk Locker Ransomware Download
Babuk Locker Ransomware YARA Rule
rule Babuk{
meta:
description = "YARA rule for Babuk Ransomware"
reference = "http://chuongdong.com/reverse%20engineering/2021/01/03/BabukRansomware/"
author = "@cPeterr"
date = "2021-01-03"
rule_version = "v1"
malware_type = "ransomware"
tlp = "white"
strings:
$lanstr1 = "-lanfirst"
$lanstr2 = "-lansecond"
$lanstr3 = "-nolan"
$str1 = "BABUK LOCKER"
$str2 = ".__NIST_K571__" wide
$str3 = "How To Restore Your Files.txt" wide
$str4 = "ecdh_pub_k.bin" wide
condition:
all of ($str*) and all of ($lanstr*)
}
|
| Pysa Ransomware Sample Download Pysa Ransomware, also know by its former name Mespinoza Ransomware is... | |
| Hentai Oniichan Ransomware Sample Download Hentai Oniichan Ransomware encrypts user data with Rijndael and then d... | |
| Polar Ransomware Sample Download Chinese hackers moves in to lucrative market of ransomwares and Polar ... | |
| 16x Ransomware Sample Download 16x Ransomware also know as Chinese ransomware encrypts its victim fil... | |
|
| Conti Ransomware Sample Download Conti Ransomware is the successor of the notorious Ryuk Ransomware. I... | |
|
| MountLocker Ransomware Sample Download MountLocker ransomware encrypts company and business user data with C... | |
|
| Ranzy Ransomware Sample Download Ranzy Locker Ransomware is the successor of Ako Ransomware and Thunde... | |
| DarkSide Ransomware Sample Download DarkSide ransomware highly selective and targeted toward its victims.... |