Extracted

• • Target

    6bfc1b42014e76be8deee330ff944681

  • Size

    5.9MB

  • MD5

    6bfc1b42014e76be8deee330ff944681

  • SHA1

    df22b2d235964e322916818bd00c82799ccfe81b

  • SHA256

    1924be27896fc861692cf9247734cd87ec7b121a8a7ffdeda8d313f9d8a12981

  • SHA512

    cf4929bc89ab40ad03259277460d92c8543f36439f805995e47d135d0a3a0d33d8eedbec85d50f791ad8b43aa9dc9e3b9940a8e33bf22e80cf8033736dc0cfbb

  Score

  10^/10

  evasionpersistencespywarestealersuricatababadedasystembccrypterloadertrojan

  • Babadeda

    Babadeda is a crypter delivered as a legitimate installer and used to drop other malware families.

    loadercrypterbabadeda

  • Babadeda Crypter

  • SystemBC

    SystemBC is a proxy and remote administration tool first seen in 2019.

    trojansystembc

  • suricata: ET MALWARE Go/Anubis CnC Activity (POST)

    suricata: ET MALWARE Go/Anubis CnC Activity (POST)

    suricata

  • suricata: ET MALWARE Go/Anubis Registration Activity

    suricata: ET MALWARE Go/Anubis Registration Activity

    suricata

  • Downloads MZ/PE file

  • Drops file in Drivers directory

  • Executes dropped EXE

  • Modifies Windows Firewall

    evasion

  • Sets file to hidden

    Modifies file attributes to stop it showing in Explorer etc.

    evasion

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence
  behavioral1behavioral2