babadeda | 716ce7fe411f352686b4071074aa96e1456ab7a67445b3cf1c475e18a4e5ac25 | Triage

Submit
Reports

Overview

overview

Static

static

716ce7fe41...25.exe

windows7_x64

716ce7fe41...25.exe

windows10-2004_x64

Resubmissions

19-01-2022 16:33

220119-t2qk5abeck 10

25-11-2021 12:40

211125-pv9m7sfbhq 8

Sharing

General

Target

716ce7fe411f352686b4071074aa96e1456ab7a67445b3cf1c475e18a4e5ac25
Size

7.5MB
Sample

220119-t2qk5abeck
MD5

4ec77eb8280485764b6bc22f6cf7d57e
SHA1

85215638743eeb6800aaada5d057e96032db6906
SHA256

716ce7fe411f352686b4071074aa96e1456ab7a67445b3cf1c475e18a4e5ac25
SHA512

770b14b133ac0a7bfee3a973d43a5342cd021a731f1be4d557a332aa4945dbb9be6b25909291feeb766c3fd640ff943780d4172e2fe6f6c77a128585e7914954

Score

10^/10

babadeda gozi_ifsb 2002 banker crypter loader trojan

Static task

static1

Behavioral task

behavioral1

Sample

716ce7fe411f352686b4071074aa96e1456ab7a67445b3cf1c475e18a4e5ac25.exe

Resource

win7-en-20211208

babadeda gozi_ifsb 2002 banker crypter loader trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

716ce7fe411f352686b4071074aa96e1456ab7a67445b3cf1c475e18a4e5ac25.exe

Resource

win10v2004-en-20220112

babadeda gozi_ifsb 2002 banker crypter loader trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

gozi_ifsb

Botnet

2002

C2

get.updates.avast.cn

huyasos.in

curves.ws

rorobrun.in

tfslld.ws

Attributes

base_path
/sreamble/
build
250211
dga_season
10
exe_type
loader
extension
.sre
server_id
12

rsa_pubkey.plain

serpent.plain

Targets

- Target
  
  716ce7fe411f352686b4071074aa96e1456ab7a67445b3cf1c475e18a4e5ac25
- Size
  
  7.5MB
- MD5
  
  4ec77eb8280485764b6bc22f6cf7d57e
- SHA1
  
  85215638743eeb6800aaada5d057e96032db6906
- SHA256
  
  716ce7fe411f352686b4071074aa96e1456ab7a67445b3cf1c475e18a4e5ac25
- SHA512
  
  770b14b133ac0a7bfee3a973d43a5342cd021a731f1be4d557a332aa4945dbb9be6b25909291feeb766c3fd640ff943780d4172e2fe6f6c77a128585e7914954
Score

10^/10

babadeda gozi_ifsb 2002 banker crypter loader trojan
- Babadeda
  Babadeda is a crypter delivered as a legitimate installer and used to drop other malware families.
  loader crypter babadeda
- Babadeda Crypter
- Gozi, Gozi IFSB
  Gozi ISFB is a well-known and widely distributed banking trojan.
  banker trojan gozi_ifsb
- Blocklisted process makes network request
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

babadedagozi_ifsb2002bankercrypterloadertrojan

behavioral2

babadedagozi_ifsb2002bankercrypterloadertrojan

© 2018-2024

Terms | Privacy