General
-
Target
6495324078768128.zip
-
Size
8.0MB
-
Sample
220213-kyak3agbc5
-
MD5
895cadb228eceddf123ff79d9c10ca6f
-
SHA1
890ca34754a5c8abf8f3ccae80ac44c79ac3b4c3
-
SHA256
50e7fed85e8f6fe0000a538d55221cc579fcf2576f5cf96ab717df4a3f14e8c1
-
SHA512
202ef6e14e75c219673fd4038dca1aa2735cf3cab2a7bb3197f7f83f4ad1b8d45e53e5cf6f486c82274cea207b2022bf9fec02bf0b13568996d80e7ac2cd317d
Malware Config
Targets
-
-
Target
6d67d7c74a5a110c3d06c7c5d769aef148bfdb8587056fa69873e8d43dc9fe44
-
Size
9.6MB
-
MD5
cc2631ac48d53e47f9958142730d8132
-
SHA1
ef9a754f025b682c7bf8d21fa59cb71e4a8c1be7
-
SHA256
6d67d7c74a5a110c3d06c7c5d769aef148bfdb8587056fa69873e8d43dc9fe44
-
SHA512
acc02eb8fcf5640503e1bd723121f16d9852553621b6c046159ca0358bbccd8f5455151e8ce0deee3907c31e2e4562bb61c52927fb728a3052833f116749e4c8
Score10/10-
Babadeda
Babadeda is a crypter delivered as a legitimate installer and used to drop other malware families.
-
Babadeda Crypter
-
Phobos
Phobos ransomware appeared at the beginning of 2019.
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Deletes shadow copies
Ransomware often targets backup files to inhibit system recovery.
-
Modifies boot configuration data using bcdedit
-
Deletes backup catalog
Uses wbadmin.exe to inhibit system recovery.
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Drops startup file
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Checks whether UAC is enabled
-
Drops desktop.ini file(s)
-