General
-
Target
6bfc1b42014e76be8deee330ff944681
-
Size
5.9MB
-
Sample
220303-d1xp2sahaj
-
MD5
6bfc1b42014e76be8deee330ff944681
-
SHA1
df22b2d235964e322916818bd00c82799ccfe81b
-
SHA256
1924be27896fc861692cf9247734cd87ec7b121a8a7ffdeda8d313f9d8a12981
-
SHA512
cf4929bc89ab40ad03259277460d92c8543f36439f805995e47d135d0a3a0d33d8eedbec85d50f791ad8b43aa9dc9e3b9940a8e33bf22e80cf8033736dc0cfbb
Malware Config
Extracted
systembc
5.101.78.2:4127
192.53.123.202:4127
Targets
-
-
Target
6bfc1b42014e76be8deee330ff944681
-
Size
5.9MB
-
MD5
6bfc1b42014e76be8deee330ff944681
-
SHA1
df22b2d235964e322916818bd00c82799ccfe81b
-
SHA256
1924be27896fc861692cf9247734cd87ec7b121a8a7ffdeda8d313f9d8a12981
-
SHA512
cf4929bc89ab40ad03259277460d92c8543f36439f805995e47d135d0a3a0d33d8eedbec85d50f791ad8b43aa9dc9e3b9940a8e33bf22e80cf8033736dc0cfbb
Score10/10-
Babadeda
Babadeda is a crypter delivered as a legitimate installer and used to drop other malware families.
-
Babadeda Crypter
-
SystemBC
SystemBC is a proxy and remote administration tool first seen in 2019.
-
suricata: ET MALWARE Go/Anubis CnC Activity (POST)
suricata: ET MALWARE Go/Anubis CnC Activity (POST)
-
suricata: ET MALWARE Go/Anubis Registration Activity
suricata: ET MALWARE Go/Anubis Registration Activity
-
Downloads MZ/PE file
-
Drops file in Drivers directory
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Sets file to hidden
Modifies file attributes to stop it showing in Explorer etc.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-