General
-
Target
fc1d1af6949a3478a4624ea89cc63cd5d6f2e95c45f687992073b5fddd54293e
-
Size
8.8MB
-
Sample
220816-m1t4lagahl
-
MD5
d33c96fb7da2d99335f17ef258aaf38f
-
SHA1
16f8536b284f5b1805fa1225772f530a5d10e32c
-
SHA256
fc1d1af6949a3478a4624ea89cc63cd5d6f2e95c45f687992073b5fddd54293e
-
SHA512
464d63809197f3652a0a44bd5ebb3745a6be6fd38bd5d0441694308b402ce75e141c97e992fa604c41a136b30d6dea18774ce9e32debdb14d6fbe14b77632354
Static task
static1
Behavioral task
behavioral1
Sample
fc1d1af6949a3478a4624ea89cc63cd5d6f2e95c45f687992073b5fddd54293e.exe
Resource
win7-20220812-en
Malware Config
Extracted
Family
bitrat
Version
1.38
C2
185.157.162.75:443
Attributes
-
communication_password
9a08a0de8505c164e6416807e8627aba
-
tor_process
tor
Targets
-
Target
fc1d1af6949a3478a4624ea89cc63cd5d6f2e95c45f687992073b5fddd54293e
-
Babadeda Crypter
Crypter used to pack and stage a final payload; here the unpacked payload is the BitRAT sample whose config is extracted above.
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
Calls NtSetInformationThread with the ThreadHideFromDebugger information class (0x11), which stops the thread from delivering debug events to an attached debugger; a common anti-analysis technique.
-
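The registry and anti-debug signatures listed above, plus the C2 address from the extracted config, can be reproduced as detection logic over an API trace. The following is an added example, not part of the report or of the sandbox's own code: it runs over a constructed trace whose event field names (api, args, path, value, ThreadInformationClass, ip, port) are an assumption of this example rather than the sandbox's real schema. The registry paths and the 0x11 information class are the real Windows values the signatures refer to.

```python
"""Toy signature matcher over a sandbox-style API trace.

Added example for this report; the event schema below is assumed for
illustration and is not the sandbox's real output format.
"""
import re

# C2 endpoint from the report's extracted BitRAT config.
C2_IP, C2_PORT = "185.157.162.75", 443

# NtSetInformationThread information class that detaches the calling
# thread from any attached debugger (ThreadHideFromDebugger == 0x11).
THREAD_HIDE_FROM_DEBUGGER = 0x11

# Uninstall key (also matches the WOW6432Node view) and the per-user
# Geo key whose "Nation" value holds the configured country (GeoID).
UNINSTALL_KEY = re.compile(
    r"\\Microsoft\\Windows\\CurrentVersion\\Uninstall(\\|$)", re.IGNORECASE)
GEO_KEY = re.compile(r"\\Control Panel\\International\\Geo$", re.IGNORECASE)


def match_event(ev):
    """Return the signature name a single trace event triggers, or None."""
    api = ev.get("api", "")
    args = ev.get("args", {})
    if (api == "NtSetInformationThread"
            and args.get("ThreadInformationClass") == THREAD_HIDE_FROM_DEBUGGER):
        return "Suspicious use of NtSetInformationThreadHideFromDebugger"
    if api in ("RegOpenKeyExW", "RegOpenKeyExA", "RegEnumKeyExW"):
        if UNINSTALL_KEY.search(args.get("path", "")):
            return "Checks installed software on the system"
    if api in ("RegQueryValueExW", "RegQueryValueExA"):
        if (GEO_KEY.search(args.get("path", ""))
                and args.get("value", "").lower() == "nation"):
            return "Checks computer location settings"
    if api == "connect" and args.get("ip") == C2_IP and args.get("port") == C2_PORT:
        return "Contacts BitRAT C2 from extracted config"
    return None


def run(trace):
    """Collect the distinct signatures fired by a trace, in first-seen order."""
    hits = []
    for ev in trace:
        name = match_event(ev)
        if name and name not in hits:
            hits.append(name)
    return hits


# Constructed trace (not captured from the sample): one event per
# behaviour of interest plus two that must not match.
SAMPLE_TRACE = [
    {"pid": 1337, "api": "NtSetInformationThread",
     "args": {"ThreadHandle": "0xfffffffe", "ThreadInformationClass": 0x11}},
    {"pid": 1337, "api": "RegQueryValueExW",
     "args": {"path": "HKCU\\Control Panel\\International\\Geo", "value": "Nation"}},
    {"pid": 1337, "api": "RegOpenKeyExW",
     "args": {"path": "HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall"}},
    # Run key access: persistence-related, but not the Uninstall signature.
    {"pid": 1337, "api": "RegOpenKeyExW",
     "args": {"path": "HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"}},
    {"pid": 1337, "api": "connect", "args": {"ip": "185.157.162.75", "port": 443}},
    # Some other thread information class: not the anti-debug signature.
    {"pid": 1337, "api": "NtSetInformationThread",
     "args": {"ThreadInformationClass": 0x02}},
]

if __name__ == "__main__":
    for sig in run(SAMPLE_TRACE):
        print(sig)
```

The geofence match requires both the Geo key path and the Nation value name, so reads of other International settings do not fire it; likewise the Uninstall regex anchors on the key name so sibling keys under CurrentVersion stay silent.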