babadeda | feb3ab1217f993d9214bb0e1a9561709bd9a1172ceee719fa9051d9fa6aa9622 | Triage

Sharing

General

Target

feb3ab1217f993d9214bb0e1a9561709bd9a1172ceee719fa9051d9fa6aa9622
Size

11.5MB
Sample

231030-h2watsbf6w
MD5

b2362907c61a06a1df4093acc67f7da2
SHA1

b613c0cdcb3402fcb00534b680120f2b0f40a84c
SHA256

feb3ab1217f993d9214bb0e1a9561709bd9a1172ceee719fa9051d9fa6aa9622
SHA512

e11c6405beeb8f6270ecf4505ffb5ad85c3b7f79c949867bbc42cf22d4751f4e19ae31864a513b2352f4e6435083246637be7aa748208bfe2d185e38003d875a
SSDEEP

196608:UfoZBgpQUX2MvWRT01qwUEyT/19lzRXozjo4J1e5HXeaiBNPRMvnPVGYsqRff2PW:eugpQqBKn1EyRTzRXoj1OuRTR8Gs2PQT

Score

10^/10

babadeda crypter loader

Malware Config

Targets

- Target
  
  Setup.exe
- Size
  
  11.9MB
- MD5
  
  1a186a55a6281568bf74125bf0b3fe51
- SHA1
  
  910503dfc5c05c90de5869edb2eb1c9e7cd63fe3
- SHA256
  
  565ea7469f9769dd05c925a3f3ef9a2f9756ff1f35fd154107786bfc63703b52
- SHA512
  
  2d516e55dffddfaad720610745072d82537afc91bc8c1c7b8db199d6105d6c141a580a381914dffc991542c0e51d007fc32dc602279faf21ad88658eb99ccb26
- SSDEEP
  
  196608:XCHqZH1URaQlYJlAfyei+yNtl7nl/D4Z5WMJ3wzt1eyUd7xPSvlJdG8yG9hBIP8v:OqZH1c9kPn+ytzl/D473wIJHP+GcIP8v
Score

10^/10

babadeda crypter loader
- Babadeda
  Babadeda is a crypter delivered as a legitimate installer and used to drop other malware families.
  loader crypter babadeda
- Babadeda Crypter
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2
- Target
  
  Xaw-VPN/Xaw-VPN _ Secure, Fast, Free VPN service for online privacy.pdf
- Size
  
  1.2MB
- MD5
  
  03699f66473a7213d11b8d45ee796b7f
- SHA1
  
  7841ae3da113d40174b52b0c55b2881acb451a51
- SHA256
  
  8d96ee4906fa9f4bfef2f8452eca70a114ec399b3887639567110aaa0eee89d0
- SHA512
  
  d63b182af0033026d33311e053b1169ff8465f33282bf6e7bee9ca9c6050dd2e2875a3e0e0499445f68a94e768f23d199c2223936d363cf819416c7bbb732029
- SSDEEP
  
  24576:7fG/ni5tTjd4TvZTu++ay4JAUT5uTBIK3DbuwS:bGfQJjsH+T4TgywS
Score

1^/10
behavioral3 behavioral4
- Target
  
  Xaw-VPN/index.html
- Size
  
  28KB
- MD5
  
  3b503e0e1b5f722d0567b6c3d3ebd6dc
- SHA1
  
  03421e1e96bfbf55b5cbb1e24b03c0a64b945bb2
- SHA256
  
  73e18c8e6a2351254cafbd51ece95ac2d1d473c828db3ea4e6f3d1327c3301d7
- SHA512
  
  32a172b1a198e748b11db61cbfc5be5b5cd6699bd91bd928868aabef7eec0611b39d22f13ebd66fbdb85589e40e8de0a97d36293446a1109c42b3748898e31d7
- SSDEEP
  
  192:0V8ClF7U9JGvukne4ACNNzcioveDnJguHJ3HJJJFVGOJnHJ8jrMVwxFrfOmPGXHM:ePluknx+DegU57FVGCp8jpFrO/h8CIJ
Score

1^/10
behavioral5 behavioral6
- Target
  
  Xaw-VPN/index.html@n=best.free.xvpn.NetflixPage.html
- Size
  
  18KB
- MD5
  
  443208d8316c8abd458ec25c4d175e35
- SHA1
  
  e137313bfe7605364b2ba18d5ebcb37addaf1ae9
- SHA256
  
  b6876d6242b4bc8ad8bd82f7553ac95dea70c0a9422aa97a895a24c470c0268d
- SHA512
  
  34c300f96cd2045cc04af73b14835360becf6e9ec3c2c5c282b93b5493fb1fdceb5fc3c11940a4250e04f2a62f105e49d7d31c93e2cb09de041b9d979b229d74
- SSDEEP
  
  192:nnC++7U9sGvukne4ACFKL7P57QXCmZJkWOYEUOQY8QADSxAMbzr:AouknxCLT1+CmJkNjUONvADtMbzr
Score

1^/10
behavioral7 behavioral8

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

babadedacrypterloader

behavioral2

babadedacrypterloader

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8