babadeda | 42ccd61f1357d37d8c439082e195eed6eb0d3a6b060852ce57161b469919f778 | Triage

Submit
Reports

Overview

overview

Static

static

42ccd61f13...78.exe

windows7_x64

42ccd61f13...78.exe

windows10-2004_x64

Sharing

General

Target

42ccd61f1357d37d8c439082e195eed6eb0d3a6b060852ce57161b469919f778
Size

122.5MB
Sample

220218-j5f6radbep
MD5

c893af41e33ca5da0a8acf8ac623c2ae
SHA1

65412f1aa3839e41a00adc2ebc7162880c258be7
SHA256

42ccd61f1357d37d8c439082e195eed6eb0d3a6b060852ce57161b469919f778
SHA512

20474b4ab6e85a7b33d544a5f8cdb5d6b03b86ee67b07a54a17ee6358d51abdcd0711a78999fceb83f971590707c62941f0d2c5d18abc1c091694ea29ceb517f

Score

10^/10

babadeda remcos crypter loader rat

Static task

static1

Behavioral task

behavioral1

Sample

42ccd61f1357d37d8c439082e195eed6eb0d3a6b060852ce57161b469919f778.exe

Resource

win7-en-20211208

babadeda remcos crypter loader rat

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

42ccd61f1357d37d8c439082e195eed6eb0d3a6b060852ce57161b469919f778.exe

Resource

win10v2004-en-20220112

babadeda remcos crypter loader rat

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  42ccd61f1357d37d8c439082e195eed6eb0d3a6b060852ce57161b469919f778
- Size
  
  122.5MB
- MD5
  
  c893af41e33ca5da0a8acf8ac623c2ae
- SHA1
  
  65412f1aa3839e41a00adc2ebc7162880c258be7
- SHA256
  
  42ccd61f1357d37d8c439082e195eed6eb0d3a6b060852ce57161b469919f778
- SHA512
  
  20474b4ab6e85a7b33d544a5f8cdb5d6b03b86ee67b07a54a17ee6358d51abdcd0711a78999fceb83f971590707c62941f0d2c5d18abc1c091694ea29ceb517f
Score

10^/10

babadeda remcos crypter loader rat
- Babadeda
  Babadeda is a crypter delivered as a legitimate installer and used to drop other malware families.
  loader crypter babadeda
- Babadeda Crypter
- Remcos
  Remcos is a closed-source remote control and surveillance software.
  rat remcos
- Blocklisted process makes network request
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

babadedaremcoscrypterloaderrat

behavioral2

babadedaremcoscrypterloaderrat

© 2018-2024

Terms | Privacy