babadeda | d2fc2159debd0a2222673cdc028c5f88ca5cc6c72f5665d60c5d27806757cff2 | Triage

Submit
Reports

Overview

overview

Static

static

d2fc2159de...f2.exe

windows7_x64

d2fc2159de...f2.exe

windows10-2004_x64

Resubmissions

19-01-2022 16:34

220119-t229xsbecl 10

25-11-2021 12:32

211125-pqpggaaed4 8

Sharing

General

Target

d2fc2159debd0a2222673cdc028c5f88ca5cc6c72f5665d60c5d27806757cff2
Size

5.7MB
Sample

220119-t229xsbecl
MD5

998dd3d8897f2c619d9e5975f7aeed7e
SHA1

817745be0e42515167e1650b77630b7b34c4e8ab
SHA256

d2fc2159debd0a2222673cdc028c5f88ca5cc6c72f5665d60c5d27806757cff2
SHA512

cdb8fc0e08007911bcf5d51af6cafc4773ec10df8cf91f9c132d36c23dbee1fac563651f9cdf4513a01fdb4d95cf26d4695944e1eda3067dee4d4b9c04cc25bd

Score

10^/10

babadeda cryptbot crypter loader spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

d2fc2159debd0a2222673cdc028c5f88ca5cc6c72f5665d60c5d27806757cff2.exe

Resource

win7-en-20211208

babadeda cryptbot crypter loader spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

d2fc2159debd0a2222673cdc028c5f88ca5cc6c72f5665d60c5d27806757cff2.exe

Resource

win10v2004-en-20220113

babadeda cryptbot crypter loader spyware stealer

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

cryptbot

C2

cemeif67.top

morota06.top

Attributes

payload_url
http://bojitn09.top/download.php?file=lv.exe

Targets

- Target
  
  d2fc2159debd0a2222673cdc028c5f88ca5cc6c72f5665d60c5d27806757cff2
- Size
  
  5.7MB
- MD5
  
  998dd3d8897f2c619d9e5975f7aeed7e
- SHA1
  
  817745be0e42515167e1650b77630b7b34c4e8ab
- SHA256
  
  d2fc2159debd0a2222673cdc028c5f88ca5cc6c72f5665d60c5d27806757cff2
- SHA512
  
  cdb8fc0e08007911bcf5d51af6cafc4773ec10df8cf91f9c132d36c23dbee1fac563651f9cdf4513a01fdb4d95cf26d4695944e1eda3067dee4d4b9c04cc25bd
Score

10^/10

babadeda cryptbot crypter loader spyware stealer
- Babadeda
  Babadeda is a crypter delivered as a legitimate installer and used to drop other malware families.
  loader crypter babadeda
- Babadeda Crypter
- CryptBot
  A C++ stealer distributed widely in bundle with other software.
  spyware stealer cryptbot
- Blocklisted process makes network request
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

babadedacryptbotcrypterloaderspywarestealer

behavioral2

babadedacryptbotcrypterloaderspywarestealer

© 2018-2024

Terms | Privacy