Overview

overview

10

Static

static

18b75be653...46.exe

windows7-x64

10

18b75be653...46.exe

windows10-2004-x64

10

Resubmissions

08-09-2022 17:22

220908-vxpcyaccfp 10

08-09-2022 17:10

220908-vp3wcsfbb4 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    18b75be653fb6203d821645ade1759acfdeb3583b717de4cea485a06a229db46.bin

  • Size

    12.9MB

  • Sample

    220908-vp3wcsfbb4

  • MD5

    557d11f6213e29cdb7d86d5e1029a02a

  • SHA1

    4f9e6fefcd7c1d2ac7549bba46ba5e4aa655ced6

  • SHA256

    18b75be653fb6203d821645ade1759acfdeb3583b717de4cea485a06a229db46

  • SHA512

    7da68660769f9780dbadfbb40a986a8ee0f5ae200076623b12350ee36d1b0a8014025a6f007e1d0bfb65741398246abda9643fb29e6e6cb8a14fe6222106a9ee

  • SSDEEP

    393216:wQ/5wdPcRkVrsRq6x/XTpsAjXi/CVhQi64Mfp6V/:wQRwdPcRQ6pX9ZjXWdT4ZV

Score
10/10
amadeybabadedacollectioncrypterevasionloaderpersistencespywarestealertrojan

Malware Config

Targets

    • Target

      18b75be653fb6203d821645ade1759acfdeb3583b717de4cea485a06a229db46.bin

    • Size

      12.9MB

    • MD5

      557d11f6213e29cdb7d86d5e1029a02a

    • SHA1

      4f9e6fefcd7c1d2ac7549bba46ba5e4aa655ced6

    • SHA256

      18b75be653fb6203d821645ade1759acfdeb3583b717de4cea485a06a229db46

    • SHA512

      7da68660769f9780dbadfbb40a986a8ee0f5ae200076623b12350ee36d1b0a8014025a6f007e1d0bfb65741398246abda9643fb29e6e6cb8a14fe6222106a9ee

    • SSDEEP

      393216:wQ/5wdPcRkVrsRq6x/XTpsAjXi/CVhQi64Mfp6V/:wQRwdPcRQ6pX9ZjXWdT4ZV

    Score
    10/10
    amadeybabadedacollectioncrypterevasionloaderspywarestealertrojanpersistence

    • Amadey

      Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

      trojanamadey

    • Babadeda

      Babadeda is a crypter delivered as a legitimate installer and used to drop other malware families.

      loadercrypterbabadeda

    • Babadeda Crypter

    • Detect Amadey credential stealer module

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Reads local data of messenger clients

      Infostealers often target stored data of messaging applications, which can include saved credentials and account information.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Adds Run key to start application

      persistence

    • Checks whether UAC is enabled

      evasiontrojan

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks