babadeda | 19415b0f141eba1d036f14bc99b970db90e5f29b2656f69a56980b19214994b2 | Triage

Submit
Reports

Overview

overview

Static

static

1

1b6a482264...72.exe

windows7-x64

1b6a482264...72.exe

windows10-2004-x64

Sharing

General

Target

1b6a482264775b5ab5b792c89f4cb272
Size

6.9MB
Sample

231230-rsvsdahahk
MD5

1b6a482264775b5ab5b792c89f4cb272
SHA1

c265d55a702cb0323f7347bea2915e8c63d89983
SHA256

19415b0f141eba1d036f14bc99b970db90e5f29b2656f69a56980b19214994b2
SHA512

5afaf1a5671962f752a28972d8b8fc348c1c1cc126d3ced48a0647eb37fb83d0910d7f4cacd31e17e9fb6a9dede8554be28fb48de275251440e30fe3b8a67113
SSDEEP

196608:kPGZKb8Ehfrm4JYKtjADXsuIwDO+tkw06y2:VoJrzaKtjADVIUdR

Score

10^/10

babadeda vidar 953 crypter discovery loader stealer upx

Static task

static1

Behavioral task

behavioral1

Sample

1b6a482264775b5ab5b792c89f4cb272.exe

Resource

win7-20231215-en

babadeda vidar 953 crypter discovery loader stealer upx

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

1b6a482264775b5ab5b792c89f4cb272.exe

Resource

win10v2004-20231215-en

babadeda vidar 953 crypter discovery loader stealer upx

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Extracted

Family

vidar

Version

39.8

Botnet

953

C2

https://xeronxikxxx.tumblr.com/

Attributes

profile_id
953

Targets

- Target
  
  1b6a482264775b5ab5b792c89f4cb272
- Size
  
  6.9MB
- MD5
  
  1b6a482264775b5ab5b792c89f4cb272
- SHA1
  
  c265d55a702cb0323f7347bea2915e8c63d89983
- SHA256
  
  19415b0f141eba1d036f14bc99b970db90e5f29b2656f69a56980b19214994b2
- SHA512
  
  5afaf1a5671962f752a28972d8b8fc348c1c1cc126d3ced48a0647eb37fb83d0910d7f4cacd31e17e9fb6a9dede8554be28fb48de275251440e30fe3b8a67113
- SSDEEP
  
  196608:kPGZKb8Ehfrm4JYKtjADXsuIwDO+tkw06y2:VoJrzaKtjADVIUdR
Score

10^/10

babadeda vidar 953 crypter discovery loader stealer upx
- Babadeda
  Babadeda is a crypter delivered as a legitimate installer and used to drop other malware families.
  loader crypter babadeda
- Babadeda Crypter
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Vidar Stealer
  stealer
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Subvert Trust Controls

Install Root Certificate

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

babadedavidar953crypterdiscoveryloaderstealerupx

behavioral2

babadedavidar953crypterdiscoveryloaderstealerupx

© 2018-2024

Terms | Privacy