Extracted

• • Target

    ad90d436c3465d6ae2f4bee7f0aafb828f150eff6a0a6c76fdd83c895b2070dc.exe

  • Size

    4.8MB

  • MD5

    6678549db6974d6962363d8b82ee7be2

  • SHA1

    b3fc1aca4ff8ad96d48895d7d9bc8e136151b844

  • SHA256

    ad90d436c3465d6ae2f4bee7f0aafb828f150eff6a0a6c76fdd83c895b2070dc

  • SHA512

    39ed85ba147bbfb9625afa993993867676ebfd6efddf43f49a0d838a498c6d6be45501a8f02f3be682b5711c38119899547301bb7a02e13c003614f13a4f13b1

  • SSDEEP

    98304:nSibgJW3oGqaFvY9Jp+oyyuMNfyCUFStjqNsNM5NEQ2Z+dnPcMc:1TtY9JpXXuMNzUwANsu5z2Z+1cd

  Score

  10^/10

  babadedafickerstealercrypterinfostealerloader

  • Babadeda

    Babadeda is a crypter delivered as a legitimate installer and used to drop other malware families.

    loadercrypterbabadeda

  • Babadeda Crypter

  • Fickerstealer

    Ficker is an infostealer written in Rust and ASM.

    infostealerfickerstealer

  • Executes dropped EXE

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Loads dropped DLL

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  behavioral1behavioral2