Extracted

• • Target

    8b82597ca0a096d822a9f7a653bf4356.exe

  • Size

    12.4MB

  • MD5

    8b82597ca0a096d822a9f7a653bf4356

  • SHA1

    3c44e2633e22af9089cb6e51dad828263a8db61c

  • SHA256

    d2409e2236609aaa743681f503ed6963ad22e50bcc1583a749c16605af7968de

  • SHA512

    9bc1f3896e910d64d2e8976de20c8e8c4eaa2d1643601f7a15e9ad0ad215c5c59b1b4c4d345180e2baf105a11fdf2a68cc5041d5497d2bf19ff6f641ed6b70d5

  • SSDEEP

    393216:SQ/5wdPcRkVrsRaSczOjSx52hwbTCMGppU:SQRwdPcRvjI5PnCG

  Score

  10^/10

  babadedavidar1670crypterdiscoveryevasionloaderspywarestealertrojan

  • Babadeda

    Babadeda is a crypter delivered as a legitimate installer and used to drop other malware families.

    loadercrypterbabadeda

  • Babadeda Crypter

  • Vidar

    Vidar is an infostealer based on Arkei stealer.

    stealervidar

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses 2FA software files, possible credential harvesting

    spywarestealer

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Checks whether UAC is enabled

    evasiontrojan

  • Maps connected drives based on registry

    Disk information is often read in order to detect sandboxing environments.

  behavioral1behavioral2