Resubmissions

08-05-2023 11:36

230508-nq3tesad58 10

11-11-2021 12:24

211111-plhs5abcc8 8

General

  • Target

    99e6b46a1eba6fd60b9568622a2a27b4ae1ac02e55ab8b13709f38455345aaff

  • Size

    11.7MB

  • Sample

    230508-nq3tesad58

  • MD5

    0013ee610f83b401007adbefef051305

  • SHA1

    f322e18219aa1abd91640b4d2b47fc1992068d16

  • SHA256

    99e6b46a1eba6fd60b9568622a2a27b4ae1ac02e55ab8b13709f38455345aaff

  • SHA512

    27abdf3bd117cd85e18d633ddcb35586791cc7f41caf9797fdbdc726befd140c8dbd2a3a3a032581f1f20e226b6f29327a6f9892255ab6b69c27d1e13719fe5b

  • SSDEEP

    196608:f6/ssSAAdFmYR0BwJ6DOlmreNUbR8cTGVqdZtzQ4cXwokT0YETuhtNo2vwDYpmv+:f69sFmYR0CJ6UmCNUbR8uGotzSXjkMud

Malware Config

Extracted

Family

bitrat

Version

1.38

C2

145.239.202.9:4598

Attributes

  • communication_password

    2ff037574f878c384918323c55e52186

  • tor_process

    tor

Targets

    • Target

      99e6b46a1eba6fd60b9568622a2a27b4ae1ac02e55ab8b13709f38455345aaff

    • Size

      11.7MB

    • MD5

      0013ee610f83b401007adbefef051305

    • SHA1

      f322e18219aa1abd91640b4d2b47fc1992068d16

    • SHA256

      99e6b46a1eba6fd60b9568622a2a27b4ae1ac02e55ab8b13709f38455345aaff

    • SHA512

      27abdf3bd117cd85e18d633ddcb35586791cc7f41caf9797fdbdc726befd140c8dbd2a3a3a032581f1f20e226b6f29327a6f9892255ab6b69c27d1e13719fe5b

    • SSDEEP

      196608:f6/ssSAAdFmYR0BwJ6DOlmreNUbR8cTGVqdZtzQ4cXwokT0YETuhtNo2vwDYpmv+:f69sFmYR0CJ6UmCNUbR8uGotzSXjkMud

    • Babadeda

      Babadeda is a crypter delivered as a legitimate installer and used to drop other malware families.

    • Babadeda Crypter

    • BitRAT

      BitRAT is a remote access tool written in C++ and uses leaked source code from other families.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified UPX variant.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Target

      out.upx

    • Size

      3.0MB

    • MD5

      b510a3a35667c296af8ed25da5cce507

    • SHA1

      5c53aa4e168772a90194cd763980ec6e60d08bb9

    • SHA256

      4760d76f6ec696279b847453e9c570352884dc77e205af547c8f6beabf0ee9e7

    • SHA512

      96a9caff45c8b2816f9d2d24cfe3d04a7b7315ca532e0bacf1363809c057be061c62b7349e08bff23a0094ecfe71cb88c7d7e0eed39592414e8379521a1822bd

    • SSDEEP

      49152:MzHE+gX6s+qKubZ2SeZ1OadYqy1BTKVUQDZB:MD7gX6s+zRrzAzQFB

    Score: 1/10

MITRE ATT&CK Matrix (ATT&CK v6)

  • Discovery

    • Query Registry (1): T1012

    • System Information Discovery (2): T1082

Tasks