babadeda | 10cb4b192833f0670c4ec6fa05898ac776862e22d7370787d6ddb915b7777bdb | Triage

Submit
Reports

Overview

overview

Static

static

5978ee8fc3...dc.exe

windows7-x64

5978ee8fc3...dc.exe

windows10-2004-x64

Sharing

General

Target

5978ee8fc33a5f8ee35731e3ed54d4dc.exe
Size

25.1MB
Sample

220921-h1xghaffe9
MD5

5978ee8fc33a5f8ee35731e3ed54d4dc
SHA1

fdd2b31bbf3320d31aa3eb6e67eada9d15bc88fb
SHA256

10cb4b192833f0670c4ec6fa05898ac776862e22d7370787d6ddb915b7777bdb
SHA512

db7516ac7a4b40bc418ff1607b54939349d5a8f0b751dd499f00a42cd10800fb41bffea4c2e32085af723ef89fc82b2111f86ef6cbd4ee14382f2505fae3d1fe
SSDEEP

786432:MHwiu9WM+JVjjS++8yOvSAoeykWVLI5+YDmdc4s:MHwvWnJVjjptvToeykWV851Cw

Score

10^/10

babadeda netsupport crypter loader rat

Static task

static1

Behavioral task

behavioral1

Sample

5978ee8fc33a5f8ee35731e3ed54d4dc.exe

Resource

win7-20220812-en

babadeda netsupport crypter loader rat

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

5978ee8fc33a5f8ee35731e3ed54d4dc.exe

Resource

win10v2004-20220812-en

babadeda netsupport crypter loader rat

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Targets

- Target
  
  5978ee8fc33a5f8ee35731e3ed54d4dc.exe
- Size
  
  25.1MB
- MD5
  
  5978ee8fc33a5f8ee35731e3ed54d4dc
- SHA1
  
  fdd2b31bbf3320d31aa3eb6e67eada9d15bc88fb
- SHA256
  
  10cb4b192833f0670c4ec6fa05898ac776862e22d7370787d6ddb915b7777bdb
- SHA512
  
  db7516ac7a4b40bc418ff1607b54939349d5a8f0b751dd499f00a42cd10800fb41bffea4c2e32085af723ef89fc82b2111f86ef6cbd4ee14382f2505fae3d1fe
- SSDEEP
  
  786432:MHwiu9WM+JVjjS++8yOvSAoeykWVLI5+YDmdc4s:MHwvWnJVjjptvToeykWV851Cw
Score

10^/10

babadeda netsupport crypter loader rat
- Babadeda
  Babadeda is a crypter delivered as a legitimate installer and used to drop other malware families.
  loader crypter babadeda
- Babadeda Crypter
- NetSupport
  NetSupport is a remote access tool sold as a legitimate system administration software.
  rat netsupport
- Executes dropped EXE
- Drops startup file
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

babadedanetsupportcrypterloaderrat

behavioral2

babadedanetsupportcrypterloaderrat

© 2018-2025

Terms | Privacy