General

  • Target

    fad2e8293cf38eec695b1b5c012e187999bd94fbcad91d8f110605a9709c31b3

  • Size

    8.2MB

  • Sample

    220228-dswssaedhk

  • MD5

    bafdcdfdac4e0d5a835c1048af2a3815

  • SHA1

    8ed85a4739ab5945ee21e05947eb204ef04bcc02

  • SHA256

    fad2e8293cf38eec695b1b5c012e187999bd94fbcad91d8f110605a9709c31b3

  • SHA512

    cebd84cc2763126fb041bfb2bde31447c3bc09af08bbd6087bbc7640d7a64a5edc158916db639f590e74439eb7b9e057bf70b98d74aff8f27c2c2ffc7e69a743

Malware Config

Targets

    • Babadeda

      Babadeda is a crypter delivered as a legitimate installer and used to drop other malware families.

    • Babadeda Crypter

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified UPX variant.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive data.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Enumerates connected drives

      Attempts to read the root path of fixed drives other than the default C: drive.

    • autoit_exe

      AutoIT scripts compiled to PE executables.

MITRE ATT&CK Enterprise v6

Tasks