babadeda

General

Target

682618e1c1291d4d198740724cb2a5eb57fa5f2fcb122f29cdbd98815867e8e0
Size

1.1MB
Sample

220206-tcdj9sbdd8
MD5

37b41aa385e7c4f1252f6e64880346f7
SHA1

889556aa6779cc9f3e697031f1781b5e12428132
SHA256

682618e1c1291d4d198740724cb2a5eb57fa5f2fcb122f29cdbd98815867e8e0
SHA512

af0b1866cf00d9865e6a7893e83425760a356d8df61f9cad267ecac0bab8b84e2b8776cb8ecd973f1fcb740954082a21618817672aad54343fc8a56dd96a65bd

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

vns

Decoy

sparkspressworld.com

everydayresidency.com

thebosscollectionn.com

milkweedmagic.com

worklesshours.com

romeosfurnituremadera.com

unclepetesproduce.com

athleticamackay.com

9nhl.com

powellassetmanagement.com

jxlamp.com

onpointpetproducts.com

buymysoft.com

nazertrader.com

goprj.com

keeptalkservice.com

aolei1688.com

donstackl.com

almasorchids.com

pj5bwn.com

Targets

- Target
  
  Quotation.com
- Size
  
  1.2MB
- MD5
  
  ca3395b17a2f8092f2f5054a06eccbee
- SHA1
  
  bbcec44150facad7ee24c6c69329456fdd4cb011
- SHA256
  
  a35a739a11186937e37899ee065f6c1832f27ec88a182079f7a8f2d57884184b
- SHA512
  
  738c278d8cab458fb60e93433cd4e78799898602bdb24694f2e49ee17df6c1e2c0a56697ef4e9cfda12a03a895504176e6f9c1312c0272a7937e65877acb7e48
Score

10^/10

babadeda formbook vns crypter loader persistence rat spyware stealer trojan
- Babadeda
  Babadeda is a crypter delivered as a legitimate installer and used to drop other malware families.
  loader crypter babadeda
- Babadeda Crypter
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook Payload
  rat
- Adds policy Run key to start application
  persistence
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

2

T1060

Privilege Escalation

Defense Evasion

Modify Registry

3

T1112

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Babadeda Crypter

Formbook

Formbook Payload

Adds policy Run key to start application

Executes dropped EXE

Loads dropped DLL

Adds Run key to start application

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2