Extracted

• • Target

    99e6b46a1eba6fd60b9568622a2a27b4ae1ac02e55ab8b13709f38455345aaff

  • Size

    11.7MB

  • MD5

    0013ee610f83b401007adbefef051305

  • SHA1

    f322e18219aa1abd91640b4d2b47fc1992068d16

  • SHA256

    99e6b46a1eba6fd60b9568622a2a27b4ae1ac02e55ab8b13709f38455345aaff

  • SHA512

    27abdf3bd117cd85e18d633ddcb35586791cc7f41caf9797fdbdc726befd140c8dbd2a3a3a032581f1f20e226b6f29327a6f9892255ab6b69c27d1e13719fe5b

  • SSDEEP

    196608:f6/ssSAAdFmYR0BwJ6DOlmreNUbR8cTGVqdZtzQ4cXwokT0YETuhtNo2vwDYpmv+:f69sFmYR0CJ6UmCNUbR8uGotzSXjkMud

  Score

  10^/10

  babadedabitratcrypterloadertrojanupx

  • Babadeda

    Babadeda is a crypter delivered as a legitimate installer and used to drop other malware families.

    loadercrypterbabadeda

  • Babadeda Crypter

  • BitRAT

    BitRAT is a remote access tool written in C++ and uses leaked source code from other families.

    trojanbitrat

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2

• • Target

    out.upx

  • Size

    3.0MB

  • MD5

    b510a3a35667c296af8ed25da5cce507

  • SHA1

    5c53aa4e168772a90194cd763980ec6e60d08bb9

  • SHA256

    4760d76f6ec696279b847453e9c570352884dc77e205af547c8f6beabf0ee9e7

  • SHA512

    96a9caff45c8b2816f9d2d24cfe3d04a7b7315ca532e0bacf1363809c057be061c62b7349e08bff23a0094ecfe71cb88c7d7e0eed39592414e8379521a1822bd

  • SSDEEP

    49152:MzHE+gX6s+qKubZ2SeZ1OadYqy1BTKVUQDZB:MD7gX6s+zRrzAzQFB

  Score

  1^/10
  behavioral3behavioral4