Resubmissions

08-09-2022 17:22

220908-vxpcyaccfp 10

08-09-2022 17:10

220908-vp3wcsfbb4 10

General

  • Target

    18b75be653fb6203d821645ade1759acfdeb3583b717de4cea485a06a229db46.bin

  • Size

    12.9MB

  • Sample

    220908-vxpcyaccfp

  • MD5

    557d11f6213e29cdb7d86d5e1029a02a

  • SHA1

    4f9e6fefcd7c1d2ac7549bba46ba5e4aa655ced6

  • SHA256

    18b75be653fb6203d821645ade1759acfdeb3583b717de4cea485a06a229db46

  • SHA512

    7da68660769f9780dbadfbb40a986a8ee0f5ae200076623b12350ee36d1b0a8014025a6f007e1d0bfb65741398246abda9643fb29e6e6cb8a14fe6222106a9ee

  • SSDEEP

    393216:wQ/5wdPcRkVrsRq6x/XTpsAjXi/CVhQi64Mfp6V/:wQRwdPcRQ6pX9ZjXWdT4ZV

Malware Config

Targets

    • Amadey

      Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    • Babadeda

      Babadeda is a crypter delivered as a legitimate installer and used to drop other malware families.

    • Babadeda Crypter

    • Detect Amadey credential stealer module

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Reads local data of messenger clients

      Infostealers often target stored data of messaging applications, which can include saved credentials and account information.

    • Accesses Microsoft Outlook profiles

    • Adds Run key to start application

    • Checks whether UAC is enabled

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

MITRE ATT&CK Enterprise v6

Tasks