babadeda | d6d58703b0ea83394d28fa0b31105ce5f0295b980563df1c085c4895245b79c1 | Triage

Submit
Reports

Overview

overview

Static

static

1

b715f22a9e...94.exe

windows7-x64

b715f22a9e...94.exe

windows10-2004-x64

Sharing

General

Target

b715f22a9e37049d09b06c26ca899c4be3c6c21386f70d6d357b3bd481ee1794.zip
Size

28.9MB
Sample

230321-r1972abc85
MD5

9b773102e5bbe6f9a397497cb69a11cb
SHA1

ad15369ea7aec1537af0edcbe055d8c547a330ea
SHA256

d6d58703b0ea83394d28fa0b31105ce5f0295b980563df1c085c4895245b79c1
SHA512

bc750334ea354b85fdca4c57116b74c240060c652c2d9a7b95a298be14cc683849f2171c79e282bf0187520424752c39d3bb3ffe27c5285aab2587e0f8d83afe
SSDEEP

393216:OAyqBB5t4S4F9l0B6gXaTTkMvVTI+iTeQlK7kcNSjJbFFBGKXxA0fXzeEbmZZYN4:OGB5Ot9lb/TnX69FnH1jtk+DM

Score

10^/10

babadeda netsupport crypter discovery loader persistence rat

Static task

static1

Behavioral task

behavioral1

Sample

b715f22a9e37049d09b06c26ca899c4be3c6c21386f70d6d357b3bd481ee1794.exe

Resource

win7-20230220-en

babadeda crypter discovery loader

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

b715f22a9e37049d09b06c26ca899c4be3c6c21386f70d6d357b3bd481ee1794.exe

Resource

win10v2004-20230220-en

babadeda netsupport crypter discovery loader persistence rat

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Targets

- Target
  
  b715f22a9e37049d09b06c26ca899c4be3c6c21386f70d6d357b3bd481ee1794.exe
- Size
  
  29.4MB
- MD5
  
  992cb6d6a567d2ba4e625e8130be7fc3
- SHA1
  
  627eebe02f4dfb7d7c0b958e3a15afad5bfd042a
- SHA256
  
  b715f22a9e37049d09b06c26ca899c4be3c6c21386f70d6d357b3bd481ee1794
- SHA512
  
  f49d524ab142c514847d03cca5cbf53394d2be6950ef00252469fe4c96196b7091cd64d6b472deb1ab29e81e16ac9bbb685a99ef65e4ee5420f7dd43fe3cf474
- SSDEEP
  
  786432:gHoURM0Ldpd6p5jXz/9RoQxqVTQyYGoO7IpbM9Mep:gnhp45Dz/92kyoO7MBs
Score

10^/10

babadeda crypter discovery loader netsupport persistence rat
- Babadeda
  Babadeda is a crypter delivered as a legitimate installer and used to drop other malware families.
  loader crypter babadeda
- Babadeda Crypter
- NetSupport
  NetSupport is a remote access tool sold as a legitimate system administration software.
  rat netsupport
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Peripheral Device Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

babadedacrypterdiscoveryloader

behavioral2

babadedanetsupportcrypterdiscoveryloaderpersistencerat

© 2018-2024

Terms | Privacy