babadeda | e1c5e17d90f580bbcb8cf99dc5d696f9b5c4cf45789617de77a350e101b79214 | Triage

Submit
Reports

Overview

overview

Static

static

winprofile

windows7-x64

winprofile

windows10-1703-x64

Resubmissions

27-11-2022 00:34

221127-awsnrafh98 10

26-11-2022 22:21

221126-194ahsdb41 10

Sharing

General

Target

e1c5e17d90f580bbcb8cf99dc5d696f9b5c4cf45789617de77a350e101b79214
Size

11.7MB
Sample

221126-194ahsdb41
MD5

0f887c61e1b11623374401f9ffb48bad
SHA1

760321c5710f4040ef74ffbd2ec63244143be11a
SHA256

e1c5e17d90f580bbcb8cf99dc5d696f9b5c4cf45789617de77a350e101b79214
SHA512

448cfcc8e5366164b9a950854217cd0a8a1dc99329d6e048a1246a5d03f97dbd311b52876f9003a51d19be1eaa34204e15f67b36d86490905cb873633c5f1340
SSDEEP

196608:S2J/5wdPGb3R3etNv9jpuSrsR3gp276tQhMnfxSvmN6TbSLjuOG+VL9hAlw9fhcn:SQ/5wdPcRkVrsRQp276trfBN6T++ORKj

Score

10^/10

babadeda crypter evasion loader persistence trojan

Static task

static1

Behavioral task

behavioral1

Sample

e1c5e17d90f580bbcb8cf99dc5d696f9b5c4cf45789617de77a350e101b79214.exe

Resource

win7-20221111-en

babadeda crypter evasion loader trojan

windows7-x64

13 signatures

300 seconds

Behavioral task

behavioral2

Sample

e1c5e17d90f580bbcb8cf99dc5d696f9b5c4cf45789617de77a350e101b79214.exe

Resource

win10-20220901-en

babadeda crypter evasion loader persistence trojan

windows10-1703-x64

14 signatures

300 seconds

Malware Config

Targets

- Target
  
  e1c5e17d90f580bbcb8cf99dc5d696f9b5c4cf45789617de77a350e101b79214
- Size
  
  11.7MB
- MD5
  
  0f887c61e1b11623374401f9ffb48bad
- SHA1
  
  760321c5710f4040ef74ffbd2ec63244143be11a
- SHA256
  
  e1c5e17d90f580bbcb8cf99dc5d696f9b5c4cf45789617de77a350e101b79214
- SHA512
  
  448cfcc8e5366164b9a950854217cd0a8a1dc99329d6e048a1246a5d03f97dbd311b52876f9003a51d19be1eaa34204e15f67b36d86490905cb873633c5f1340
- SSDEEP
  
  196608:S2J/5wdPGb3R3etNv9jpuSrsR3gp276tQhMnfxSvmN6TbSLjuOG+VL9hAlw9fhcn:SQ/5wdPcRkVrsRQp276trfBN6T++ORKj
Score

10^/10

babadeda crypter evasion loader trojan persistence
- Babadeda
  Babadeda is a crypter delivered as a legitimate installer and used to drop other malware families.
  loader crypter babadeda
- Babadeda Crypter
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

babadedacrypterevasionloadertrojan

behavioral2

babadedacrypterevasionloaderpersistencetrojan

© 2018-2024

Terms | Privacy