babadeda | fc1d1af6949a3478a4624ea89cc63cd5d6f2e95c45f687992073b5fddd54293e | Triage

Submit
Reports

Overview

overview

Static

static

fc1d1af694...3e.exe

windows7-x64

fc1d1af694...3e.exe

windows10-2004-x64

Sharing

General

Target

fc1d1af6949a3478a4624ea89cc63cd5d6f2e95c45f687992073b5fddd54293e
Size

8.8MB
Sample

220816-m1t4lagahl
MD5

d33c96fb7da2d99335f17ef258aaf38f
SHA1

16f8536b284f5b1805fa1225772f530a5d10e32c
SHA256

fc1d1af6949a3478a4624ea89cc63cd5d6f2e95c45f687992073b5fddd54293e
SHA512

464d63809197f3652a0a44bd5ebb3745a6be6fd38bd5d0441694308b402ce75e141c97e992fa604c41a136b30d6dea18774ce9e32debdb14d6fbe14b77632354

Score

10^/10

babadeda bitrat crypter discovery loader trojan

Static task

static1

Behavioral task

behavioral1

Sample

fc1d1af6949a3478a4624ea89cc63cd5d6f2e95c45f687992073b5fddd54293e.exe

Resource

win7-20220812-en

babadeda bitrat crypter discovery loader trojan

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

fc1d1af6949a3478a4624ea89cc63cd5d6f2e95c45f687992073b5fddd54293e.exe

Resource

win10v2004-20220812-en

babadeda bitrat crypter discovery loader trojan

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Extracted

Family

bitrat

Version

1.38

C2

185.157.162.75:443

Attributes

communication_password
9a08a0de8505c164e6416807e8627aba
tor_process
tor

Targets

- Target
  
  fc1d1af6949a3478a4624ea89cc63cd5d6f2e95c45f687992073b5fddd54293e
- Size
  
  8.8MB
- MD5
  
  d33c96fb7da2d99335f17ef258aaf38f
- SHA1
  
  16f8536b284f5b1805fa1225772f530a5d10e32c
- SHA256
  
  fc1d1af6949a3478a4624ea89cc63cd5d6f2e95c45f687992073b5fddd54293e
- SHA512
  
  464d63809197f3652a0a44bd5ebb3745a6be6fd38bd5d0441694308b402ce75e141c97e992fa604c41a136b30d6dea18774ce9e32debdb14d6fbe14b77632354
Score

10^/10

babadeda bitrat crypter discovery loader trojan
- Babadeda
  Babadeda is a crypter delivered as a legitimate installer and used to drop other malware families.
  loader crypter babadeda
- Babadeda Crypter
- BitRAT
  BitRAT is a remote access tool written in C++ and uses leaked source code from other families.
  trojan bitrat
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

babadedabitratcrypterdiscoveryloadertrojan

behavioral2

babadedabitratcrypterdiscoveryloadertrojan

© 2018-2024

Terms | Privacy