babadeda | 8f3bb770ad8cafcabe4eba9f67ba79f353ddee4caf30532e724bdeb15489df64 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

CLOUDFLA.EXE.exe

windows7-x64

CLOUDFLA.EXE.exe

windows10-2004-x64

Resubmissions

09/09/2022, 02:25

220909-cws1maddcp 10

08/09/2022, 05:59

220908-gpqzxadgg5 10

Sharing

General

Target

CLOUDFLA.EXE.exe
Size

30.9MB
Sample

220909-cws1maddcp
MD5

edf02789603a77a4c7b42dd8091babe0
SHA1

75a4690028051f5eb8df5195a5bec283066b8420
SHA256

8f3bb770ad8cafcabe4eba9f67ba79f353ddee4caf30532e724bdeb15489df64
SHA512

c696ff8989b47a94a960154d2a26d5b93f3a7a19c5582ff649d5e67faddc746b3d7fe86adf42023bf2bc22759bf5d9af38ab5863a760f997b9288ec02d620b79
SSDEEP

786432:SQRwdPcRhvUvAtRNW0sm2CGFSXOSmL5NDBsX9LsD73e486:1RwdPcRavyu0F2zFz5De9LW7e486

Score

10^/10

babadeda crypter evasion loader trojan

Static task

static1

Behavioral task

behavioral1

Sample

CLOUDFLA.EXE.exe

Resource

win7-20220812-en

babadeda crypter evasion loader trojan

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

CLOUDFLA.EXE.exe

Resource

win10v2004-20220812-en

babadeda crypter evasion loader trojan

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Targets

- Target
  
  CLOUDFLA.EXE.exe
- Size
  
  30.9MB
- MD5
  
  edf02789603a77a4c7b42dd8091babe0
- SHA1
  
  75a4690028051f5eb8df5195a5bec283066b8420
- SHA256
  
  8f3bb770ad8cafcabe4eba9f67ba79f353ddee4caf30532e724bdeb15489df64
- SHA512
  
  c696ff8989b47a94a960154d2a26d5b93f3a7a19c5582ff649d5e67faddc746b3d7fe86adf42023bf2bc22759bf5d9af38ab5863a760f997b9288ec02d620b79
- SSDEEP
  
  786432:SQRwdPcRhvUvAtRNW0sm2CGFSXOSmL5NDBsX9LsD73e486:1RwdPcRavyu0F2zFz5De9LW7e486
Score

10^/10

babadeda crypter evasion loader trojan
- Babadeda
  Babadeda is a crypter delivered as a legitimate installer and used to drop other malware families.
  loader crypter babadeda
- Babadeda Crypter
- Executes dropped EXE
- Loads dropped DLL
- Checks whether UAC is enabled
  evasion trojan
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

babadedacrypterevasionloadertrojan

behavioral2

babadedacrypterevasionloadertrojan

© 2018-2025

Terms | Privacy