General
-
Target
7eb1b46c43a2290eb2631ea061da7258591e37da9f784e9dc890f1a27d292d9e
-
Size
5.8MB
-
Sample
220228-xccjragcgj
-
MD5
114daaf4ec2fa86c801300439044d946
-
SHA1
9da80d1bed43da4c74f4a0957a580d4e7839f434
-
SHA256
7eb1b46c43a2290eb2631ea061da7258591e37da9f784e9dc890f1a27d292d9e
-
SHA512
ec9333ab61e3e61b4c373dc349d8ecff7145c6bc59b409b658ea2bd2c45ad441ce1a121ac9515764c8c2d2642c5175b8ca6d40328cf84f700dd156e2fbaeb8e0
Malware Config
Targets
-
-
Target
7eb1b46c43a2290eb2631ea061da7258591e37da9f784e9dc890f1a27d292d9e
-
Size
5.8MB
-
MD5
114daaf4ec2fa86c801300439044d946
-
SHA1
9da80d1bed43da4c74f4a0957a580d4e7839f434
-
SHA256
7eb1b46c43a2290eb2631ea061da7258591e37da9f784e9dc890f1a27d292d9e
-
SHA512
ec9333ab61e3e61b4c373dc349d8ecff7145c6bc59b409b658ea2bd2c45ad441ce1a121ac9515764c8c2d2642c5175b8ca6d40328cf84f700dd156e2fbaeb8e0
Score10/10-
Babadeda
Babadeda is a crypter delivered as a legitimate installer and used to drop other malware families.
-
Babadeda Crypter
-
Phobos
Phobos ransomware appeared at the beginning of 2019.
-
Deletes shadow copies
Ransomware often targets backup files to inhibit system recovery.
-
Modifies boot configuration data using bcdedit
-
Blocklisted process makes network request
-
Deletes backup catalog
Uses wbadmin.exe to inhibit system recovery.
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Drops startup file
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Drops desktop.ini file(s)
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-