babadeda | b715f22a9e37049d09b06c26ca899c4be3c6c21386f70d6d357b3bd481ee1794 | Triage

Submit
Reports

Overview

overview

Static

static

1

992cb6d6a5...c3.exe

windows7-x64

992cb6d6a5...c3.exe

windows10-2004-x64

Sharing

General

Target

992cb6d6a567d2ba4e625e8130be7fc3.exe
Size

29.4MB
Sample

230210-3sayracf73
MD5

992cb6d6a567d2ba4e625e8130be7fc3
SHA1

627eebe02f4dfb7d7c0b958e3a15afad5bfd042a
SHA256

b715f22a9e37049d09b06c26ca899c4be3c6c21386f70d6d357b3bd481ee1794
SHA512

f49d524ab142c514847d03cca5cbf53394d2be6950ef00252469fe4c96196b7091cd64d6b472deb1ab29e81e16ac9bbb685a99ef65e4ee5420f7dd43fe3cf474
SSDEEP

786432:gHoURM0Ldpd6p5jXz/9RoQxqVTQyYGoO7IpbM9Mep:gnhp45Dz/92kyoO7MBs

Score

10^/10

babadeda netsupport crypter discovery loader persistence rat

Static task

static1

Behavioral task

behavioral1

Sample

992cb6d6a567d2ba4e625e8130be7fc3.exe

Resource

win7-20221111-en

babadeda crypter discovery loader

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

992cb6d6a567d2ba4e625e8130be7fc3.exe

Resource

win10v2004-20220901-en

babadeda netsupport crypter discovery loader persistence rat

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Targets

- Target
  
  992cb6d6a567d2ba4e625e8130be7fc3.exe
- Size
  
  29.4MB
- MD5
  
  992cb6d6a567d2ba4e625e8130be7fc3
- SHA1
  
  627eebe02f4dfb7d7c0b958e3a15afad5bfd042a
- SHA256
  
  b715f22a9e37049d09b06c26ca899c4be3c6c21386f70d6d357b3bd481ee1794
- SHA512
  
  f49d524ab142c514847d03cca5cbf53394d2be6950ef00252469fe4c96196b7091cd64d6b472deb1ab29e81e16ac9bbb685a99ef65e4ee5420f7dd43fe3cf474
- SSDEEP
  
  786432:gHoURM0Ldpd6p5jXz/9RoQxqVTQyYGoO7IpbM9Mep:gnhp45Dz/92kyoO7MBs
Score

10^/10

babadeda crypter discovery loader netsupport persistence rat
- Babadeda
  Babadeda is a crypter delivered as a legitimate installer and used to drop other malware families.
  loader crypter babadeda
- Babadeda Crypter
- NetSupport
  NetSupport is a remote access tool sold as a legitimate system administration software.
  rat netsupport
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Peripheral Device Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

babadedacrypterdiscoveryloader

behavioral2

babadedanetsupportcrypterdiscoveryloaderpersistencerat

© 2018-2024

Terms | Privacy