babadeda | 108cfca8867eb4f94082cddacf63fbdd8369b0991873a20afc3210f2d5e4ec61 | Triage

Submit
Reports

Overview

overview

Static

static

1

108cfca886...61.exe

windows7-x64

108cfca886...61.exe

windows10-2004-x64

Sharing

General

Target

108cfca8867eb4f94082cddacf63fbdd8369b0991873a20afc3210f2d5e4ec61.exe
Size

14.1MB
Sample

230307-fe484sgc5t
MD5

aaa058858261d7c0e73fa1b8264a9a3d
SHA1

1233af8c8377567b2b8ebf7642f0036c9797596b
SHA256

108cfca8867eb4f94082cddacf63fbdd8369b0991873a20afc3210f2d5e4ec61
SHA512

4ed1d39dad64f0b79f080d15101ad54b6859b5f71911edb112bb10e860baaf4715d01f9241f5bf60a22da950b0deeddde2bb798710162b151781f4310a80059c
SSDEEP

196608:Unri5hStOZV3jIIZruRDm+09gJGzYvj/N2igdkC3qVa+Pa9k8qCgcr+7hQJ/RYyk:7lTLZD+YG8elEkna+iwCNrUhQHYM4Fdb

Score

10^/10

babadeda phobos crypter evasion loader ransomware trojan

Static task

static1

Behavioral task

behavioral1

Sample

108cfca8867eb4f94082cddacf63fbdd8369b0991873a20afc3210f2d5e4ec61.exe

Resource

win7-20230220-en

babadeda crypter evasion loader trojan

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

108cfca8867eb4f94082cddacf63fbdd8369b0991873a20afc3210f2d5e4ec61.exe

Resource

win10v2004-20230220-en

babadeda phobos crypter evasion loader ransomware trojan

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Targets

- Target
  
  108cfca8867eb4f94082cddacf63fbdd8369b0991873a20afc3210f2d5e4ec61.exe
- Size
  
  14.1MB
- MD5
  
  aaa058858261d7c0e73fa1b8264a9a3d
- SHA1
  
  1233af8c8377567b2b8ebf7642f0036c9797596b
- SHA256
  
  108cfca8867eb4f94082cddacf63fbdd8369b0991873a20afc3210f2d5e4ec61
- SHA512
  
  4ed1d39dad64f0b79f080d15101ad54b6859b5f71911edb112bb10e860baaf4715d01f9241f5bf60a22da950b0deeddde2bb798710162b151781f4310a80059c
- SSDEEP
  
  196608:Unri5hStOZV3jIIZruRDm+09gJGzYvj/N2igdkC3qVa+Pa9k8qCgcr+7hQJ/RYyk:7lTLZD+YG8elEkna+iwCNrUhQHYM4Fdb
Score

10^/10

babadeda crypter evasion loader trojan phobos ransomware
- Babadeda
  Babadeda is a crypter delivered as a legitimate installer and used to drop other malware families.
  loader crypter babadeda
- Babadeda Crypter
- Phobos
  Phobos ransomware appeared at the beginning of 2019.
  ransomware phobos
- Executes dropped EXE
- Loads dropped DLL
- Checks whether UAC is enabled
  evasion trojan
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Query Registry

Peripheral Device Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

babadedacrypterevasionloadertrojan

behavioral2

babadedaphoboscrypterevasionloaderransomwaretrojan

© 2018-2024

Terms | Privacy