General
-
Target
1b9a300d4e882a59e4bb15f7aa7069df6cc48057d1f89a71fff6df4e70d483f1.exe
-
Size
8.1MB
-
Sample
220402-kh522adbc9
-
MD5
72ad5cebf69de22b971997bb261ef519
-
SHA1
27aef0b7214b93b44cbeab76af1dd39db3d938fd
-
SHA256
1b9a300d4e882a59e4bb15f7aa7069df6cc48057d1f89a71fff6df4e70d483f1
-
SHA512
a4879dae60d580b3fad31311ae64acdc92604164cc95bd721a4a789c66791c5586eac3922e621c33aab5f919ad92e68ef6cbbc43b3d4857b547e627855bcefe8
Malware Config
Targets
-
-
Target
1b9a300d4e882a59e4bb15f7aa7069df6cc48057d1f89a71fff6df4e70d483f1.exe
-
Size
8.1MB
-
MD5
72ad5cebf69de22b971997bb261ef519
-
SHA1
27aef0b7214b93b44cbeab76af1dd39db3d938fd
-
SHA256
1b9a300d4e882a59e4bb15f7aa7069df6cc48057d1f89a71fff6df4e70d483f1
-
SHA512
a4879dae60d580b3fad31311ae64acdc92604164cc95bd721a4a789c66791c5586eac3922e621c33aab5f919ad92e68ef6cbbc43b3d4857b547e627855bcefe8
Score10/10-
Babadeda
Babadeda is a crypter delivered as a legitimate installer and used to drop other malware families.
-
Babadeda Crypter
-
Phobos
Phobos ransomware appeared at the beginning of 2019.
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Deletes shadow copies
Ransomware often targets backup files to inhibit system recovery.
-
Modifies boot configuration data using bcdedit
-
Deletes backup catalog
Uses wbadmin.exe to inhibit system recovery.
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Drops desktop.ini file(s)
-