{
	"id": "6fa644fe-26a7-4c6d-89b3-2515adb4e39e",
	"created_at": "2026-04-06T00:21:44.11721Z",
	"updated_at": "2026-04-10T03:20:32.293673Z",
	"deleted_at": null,
	"sha1_hash": "5765dc49aeade0b0d177657078808d7dced8b17f",
	"title": "https://www.trendmicro.com/content/dam/trendmicro/global/en/research/23/d/an-analysis-of-the-bablock-ransomware-/iocs-an-analysis-of-the-babLock-ransomware.txt",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 39378,
	"plain_text": "https://www.trendmicro.com/content/dam/trendmicro/global/en/research/23/d/a\r\nanalysis-of-the-bablock-ransomware-/iocs-an-analysis-of-the-babLock-ransomware.txt\r\nArchived: 2026-04-05 22:34:34 UTC\r\nAn Analysis of the BabLock (aka Rorschach) Ransomware\r\n-------------------------------------------------------------------------------------------------------\r\nSHA1 File name Detection name\r\n3dd98117802d1992066188402ff63411f5a38c51 log.dll Trojan.Win64.DARKLOADER.YACE1\r\na571b70c6303e9144ed8a169bb0322e80226bcc5 log.dll Trojan.Win64.DARKLOADER.SMYACE1\r\n5953d721de1716fca88fa6472504dfde11ee3899 log.dll (N/A) Trojan.Win64.DARKLOADER.SMYACE1\r\na8745ee6756e9288d88cc0a648c1ec06545f660e log.dll (N/A) Trojan.Win64.DARKLOADER.SMYACE1\r\nd39a35fefa9afb0ca1cfa19bcacae54b254d02ce log.dll (N/A) Trojan.Win64.DARKLOADER.SMYACE1\r\n48e3dc8b02426c433b4cc121b487110845a657cc ccl110u.dll Trojan.Win64.DARKLOADER.YACE1\r\n8ecaf752c5a9e57f496c951321415ca7ba470db6 ccL110U.dll Trojan.Win64.DARKLOADER.YMCHAT\r\nb8b21937d161363be05d3e7c43b9f3dbe11f807d ccL110U.dll (N/A) Trojan.Win64.DARKLOADER.SMYACE1\r\ne77b4b69ac5480f063c0cfc427536bac32cd7f88 libexpa.dll Trojan.Win64.DARKLOADER.YMCHAT\r\n88e3a57c8d8919aed0200c04b19e08660ca3262e libexpa.dll Trojan.Win64.DARKLOADER.YMCHAT\r\n8ef6d55e6ef2427c79f9a6ed5a3ecd1421fc75a9 libexpa.dll (N/A) Trojan.Win64.DARKLOADER.SMYACE1\r\n88e3a57c8d8919aed0200c04b19e08660ca3262e winutils.dll Trojan.Win64.DARKLOADER.YADCGT\r\nd50afee5b441e068439d74641a0a48311c0dfe8d fssync.dll (N/A) Trojan.Win64.DARKLOADER.SMYACE1\r\ne5c54ea9c51edba2c89da11e8bcf2ebd3f7869b4 1.bat (N/A) N/A\r\nedc9f4eded2c57dee14595a2fba6aa3a98ff7b45 config.ini Ransom.Win64.LOCKBIT.THFOABB.enc\r\n4a8d3392b96092d766a9e05a7d92d990688b0ced config.ini Ransom.Win64.LOCKBIT.YADCK.enc\r\n24925b6b77fce4406da3002e52e464dd64eed407 config.ini Ransom.Win64.LOCKBIT.THGOGBB.enc\r\n4b430cf6c653b105654245964aae82665969fc02 config.ini Ransom.Win64.LOCKBIT.THGOGBB.enc\r\n72aa372424cf784c39674f78b89b9c1d3d9fd83c config.ini Ransom.Win64.LOCKBIT.THGOGBB.enc\r\n4a8d3392b96092d766a9e05a7d92d990688b0ced config.ini Ransom.Win64.LOCKBIT.THGOGBB.enc\r\nf2d340f0f9149896d49c76ac36f456c1ee8441fe config.ini (N/A) N/A\r\n3af8e6446e77700a89d0777bb56bc1e172246339 config.ini (N/A) N/A\r\n0c57807b967b79b10072d64565a8d5e7f428b63d 1.exe (N/A) Troj.Win32.Gen.XXBM100FF015\r\n28132fc26b567a517daa0d7b5ad8376af5ca885c 2.dll TrojanSpy.Win64.MIMIKATZ.YMCHAT\r\n95c4130f6adb7eed6fbfdc0ce8394f4bbb66ab26 scvhost.exe (N/A) HackTool.Win64.Chisel.SM.go\r\n8e55377990128a9c3ba61a663a8540a8c56f8a54 svchost.exe HackTool.Win64.Kerbrute.SM\r\n3ca3b27d7ab11331b3521cf9d86292473d7d02fa scvhost.exe HackTool.Win64.CHISEL.YACE1T.go\r\n97c3e38781848d9a15fc0bad0ab114c081a80b72 scvhost.exe (N/A) Troj.Win32.Gen.XXBM100FF015\r\n443e7cfb3956975708dd6b2ea74e9fe2f3d03bf8 f.exe (N/A) Troj.Win32.Gen.XXBM100FF015\r\n7b5bf0930f60b6980a5f44db1357882e93e18dab f.exe (N/A) Troj.Win32.Gen.XXBM100FF015\r\nbb2a3404ec8baaadb353d5e41d384c800eaca6a3 f.exe (N/A) Troj.Win32.Gen.XXBM100FF015\r\n8347947476fb90799cb237008db7e34aaff2f8a2 f.exe (N/A) Troj.Win32.Gen.XXBM100FF015\r\nd9c37fb4a69e05e2b74ee8080f04dd0683977482 f.exe (N/A) Troj.Win32.Gen.XXBM100FF015\r\nf3b984faeb58ad5ac862c7ca45cababaa78111b7 f.exe (N/A) Troj.Win32.Gen.XXBM100FF015\r\n700e3ce6cccdf0ab538d68ec53640c1b37866781 f.exe (N/A) Troj.Win32.Gen.XXBM100FF015\r\nbe691f4a2aa619c31358e0159e07adf4b4ccd68a f.exe (N/A) Troj.Win32.Gen.XXBM100FF015\r\n45db28b53c615653734aa0bb1eb33fd46440843e f.exe (N/A) Troj.Win32.Gen.XXBM100FF015\r\nd02cc623ffedcea20330ebc5fdde9c24bd6e89d6 f.exe (N/A) Troj.Win32.Gen.XXBM100FF015\r\n236e4f1bc6bf27e93a50fd9add6f12f2e49cc942 f.exe (N/A) Troj.Win32.Gen.XXBM100FF015\r\n49c0a3595d0a314f105a9918181c57191c607026 f.exe (N/A) Troj.Win32.Gen.XXBM100FF015\r\n1ebba3accd925bc281fcc068c47483d99174c8bd f.exe (N/A) Troj.Win32.Gen.XXBM100FF015\r\n7ed2bd87d81f5243a1e0d07265bcf485c7d074ae f.exe (N/A) Troj.Win32.Gen.XXBM100FF015\r\nhttps://www.trendmicro.com/content/dam/trendmicro/global/en/research/23/d/an-analysis-of-the-bablock-ransomware-/iocs-an-analysis-of-the-babLock-ransomware.txt\r\nPage 1 of 2\n\nf18387dce0536aa8da897ac092f7812b0ff1f986 f.exe (N/A) Troj.Win32.Gen.XXBM100FF015\r\ne936fcb964c206545dd8270d2cfaec963ac81dec f.exe (N/A) Troj.Win32.Gen.XXBM100FF015\r\nee5b60d2b44df59e8c630b4d5ea9a87042022492 f.exe (N/A) Troj.Win32.Gen.XXBM100FF015\r\nc5199ceb7c69deca1a746f3a07dad096c148495a f.exe (N/A) Troj.Win32.Gen.XXBM100FF015\r\n443e7cfb3956975708dd6b2ea74e9fe2f3d03bf8 f.exe (N/A) Troj.Win32.Gen.XXBM100FF015\r\nSource: https://www.trendmicro.com/content/dam/trendmicro/global/en/research/23/d/an-analysis-of-the-bablock-ransomware-/iocs-an-analysis-of-the-bab\r\nLock-ransomware.txt\r\nhttps://www.trendmicro.com/content/dam/trendmicro/global/en/research/23/d/an-analysis-of-the-bablock-ransomware-/iocs-an-analysis-of-the-babLock-ransomware.txt\r\nPage 2 of 2",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"Malpedia"
	],
	"references": [
		"https://www.trendmicro.com/content/dam/trendmicro/global/en/research/23/d/an-analysis-of-the-bablock-ransomware-/iocs-an-analysis-of-the-babLock-ransomware.txt"
	],
	"report_names": [
		"iocs-an-analysis-of-the-babLock-ransomware.txt"
	],
	"threat_actors": [],
	"ts_created_at": 1775434904,
	"ts_updated_at": 1775791232,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/5765dc49aeade0b0d177657078808d7dced8b17f.pdf",
		"text": "https://archive.orkl.eu/5765dc49aeade0b0d177657078808d7dced8b17f.txt",
		"img": "https://archive.orkl.eu/5765dc49aeade0b0d177657078808d7dced8b17f.jpg"
	}
}