babadeda

General

Target

1f53d6f4fb02c8663b9d377570953d07c56df297674b7c3847d1697f0e5f8165
Size

11.7MB
Sample

220119-t22y6abeh8
MD5

51f468fa1f11ef59ad7fd5f339906661
SHA1

03887d2684aff18df484ca39c8f070a0bc725e4a
SHA256

1f53d6f4fb02c8663b9d377570953d07c56df297674b7c3847d1697f0e5f8165
SHA512

493e7d68f3ffdb6e9b0587457370253f72e3d6b2c6fa3bafb1e96dcb36db0e6b78b2a52bcf86c9b42f1bf260da639a1e88ca13d8a43ad9826ed4f680e9c3ba7f

Score

10^/10

Malware Config

Extracted

Family

fickerstealer

C2

prunerflowershop.com:80

Targets

- Target
  
  1f53d6f4fb02c8663b9d377570953d07c56df297674b7c3847d1697f0e5f8165
- Size
  
  11.7MB
- MD5
  
  51f468fa1f11ef59ad7fd5f339906661
- SHA1
  
  03887d2684aff18df484ca39c8f070a0bc725e4a
- SHA256
  
  1f53d6f4fb02c8663b9d377570953d07c56df297674b7c3847d1697f0e5f8165
- SHA512
  
  493e7d68f3ffdb6e9b0587457370253f72e3d6b2c6fa3bafb1e96dcb36db0e6b78b2a52bcf86c9b42f1bf260da639a1e88ca13d8a43ad9826ed4f680e9c3ba7f
Score

10^/10

babadeda fickerstealer crypter discovery infostealer loader upx
- Babadeda
  Babadeda is a crypter delivered as a legitimate installer and used to drop other malware families.
  loader crypter babadeda
- Babadeda Crypter
- Fickerstealer
  Ficker is an infostealer written in Rust and ASM.
  infostealer fickerstealer
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

2

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Resubmissions

Sharing

General

Malware Config

Extracted

Targets

Babadeda Crypter

Fickerstealer

Executes dropped EXE

UPX packed file

Checks computer location settings

Loads dropped DLL

Checks installed software on the system

Looks up external IP address via web service

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2