General

  • Target

    b0966b0b2a38cb845932231c04b16d79f2c434a0171ebe151585f154a418e02c

  • Size

    107.9MB

  • Sample

    220411-ydh9cshecj

  • MD5

    e4c7e50f00bb0df010b2067178c7af0d

  • SHA1

    eaf452720b75bec51f7e15b833192c39c318f09e

  • SHA256

    b0966b0b2a38cb845932231c04b16d79f2c434a0171ebe151585f154a418e02c

  • SHA512

    823c6eef9ec3dbf8cec1cdcdbbcd9180ed70cf41a673c9253d4eb1d2a4b489567345d4e9981003bcfab6b38e3c5f9fee538d3610d6c515557cf241e9885be5b8

Malware Config

Targets

    • Babadeda

      Babadeda is a crypter delivered as a legitimate installer and used to drop other malware families.

    • Babadeda Crypter

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Drops startup file

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks