babadeda | 591a2d0da6253f59300d647ef5847187e0250458187a10675f6699b7e1ba484b | Triage

Submit
Reports

Overview

overview

Static

static

1

74fc503e11...in.exe

windows7-x64

74fc503e11...in.exe

windows10-2004-x64

Sharing

General

Target

74fc503e1100f6c092cc42c3d747fc31.bin.exe
Size

20.4MB
Sample

230220-pwr5jsba69
MD5

74fc503e1100f6c092cc42c3d747fc31
SHA1

b342925f66bd36e486fee9e44a67c2b9c02776a3
SHA256

591a2d0da6253f59300d647ef5847187e0250458187a10675f6699b7e1ba484b
SHA512

ad976a54de99a765502d7dd23b829bf7825f266cc2298059718bbb8793c0fcb5b18ec03a95ae3c2d008eaf1f37dad80b0500df5ef6ba9f96601a87d5c243132d
SSDEEP

393216:2UuAZ1IwUF3NnsQ6W9eZB7/sMmkNw02St4yQJUuFe2HiuYpIsjPq4NJVeqi:2UrZ1IP/nsWejVNVF255dCRp/j1yJ

Score

10^/10

babadeda crypter discovery loader spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

74fc503e1100f6c092cc42c3d747fc31.bin.exe

Resource

win7-20220812-en

babadeda crypter discovery loader spyware stealer

windows7-x64

15 signatures

150 seconds

Behavioral task

behavioral2

Sample

74fc503e1100f6c092cc42c3d747fc31.bin.exe

Resource

win10v2004-20220812-en

babadeda crypter discovery loader spyware stealer

windows10-2004-x64

17 signatures

150 seconds

Malware Config

Targets

- Target
  
  74fc503e1100f6c092cc42c3d747fc31.bin.exe
- Size
  
  20.4MB
- MD5
  
  74fc503e1100f6c092cc42c3d747fc31
- SHA1
  
  b342925f66bd36e486fee9e44a67c2b9c02776a3
- SHA256
  
  591a2d0da6253f59300d647ef5847187e0250458187a10675f6699b7e1ba484b
- SHA512
  
  ad976a54de99a765502d7dd23b829bf7825f266cc2298059718bbb8793c0fcb5b18ec03a95ae3c2d008eaf1f37dad80b0500df5ef6ba9f96601a87d5c243132d
- SSDEEP
  
  393216:2UuAZ1IwUF3NnsQ6W9eZB7/sMmkNw02St4yQJUuFe2HiuYpIsjPq4NJVeqi:2UrZ1IP/nsWejVNVF255dCRp/j1yJ
Score

10^/10

babadeda crypter discovery loader spyware stealer
- Babadeda
  Babadeda is a crypter delivered as a legitimate installer and used to drop other malware families.
  loader crypter babadeda
- Babadeda Crypter
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

babadedacrypterdiscoveryloaderspywarestealer

behavioral2

babadedacrypterdiscoveryloaderspywarestealer

© 2018-2024

Terms | Privacy