General

  • Target

    5d270c5f31a22248cc088654d6ea6f293d000e3780ed1d0e180ea005b6e120bd

  • Size

    15.6MB

  • Sample

    221210-j4e73afb45

  • MD5

    2b0b6f7adb2c4f30a25aa73f19eb69de

  • SHA1

    6856ec4a84ba879e8118bbe8fd89237f12977a7e

  • SHA256

    5d270c5f31a22248cc088654d6ea6f293d000e3780ed1d0e180ea005b6e120bd

  • SHA512

    4018b7127fe13b8f4ccfd4ad5ac842e4e56e2f4c8637cdaca34b614106724ba24c57d572e11643b89265cfbed128016edf60c0b823224d45004c82585e473b62

  • SSDEEP

    393216:WiYKzJ17sYSuDHiW6NEhlYsZF07VmkNAPSEMSaYSwpCAIe:rVBFJD2olYsT0V3Nk/azC

Malware Config

Targets


    • Babadeda

      Babadeda is a crypter delivered as a legitimate installer and used to drop other malware families.

    • Babadeda Crypter

    • Blocklisted process makes network request

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive information.

    • Accesses Microsoft Outlook profiles

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

MITRE ATT&CK Enterprise v6

Tasks