babadeda | 4af4a3e76358c3a932e5fa2bd23af3f73880a0f24d0841c299bea7f35dec8283 | Triage

Submit
Reports

Overview

overview

Static

static

3

30a64c61e7...a5.exe

windows7-x64

30a64c61e7...a5.exe

windows10-2004-x64

6

Sharing

General

Target

30a64c61e75d116f706c23f451abaca5
Size

5.9MB
Sample

231231-lbfn8scad7
MD5

30a64c61e75d116f706c23f451abaca5
SHA1

ed161a6087975bc583349e5109e2e425a20c11a4
SHA256

4af4a3e76358c3a932e5fa2bd23af3f73880a0f24d0841c299bea7f35dec8283
SHA512

785c4080092b8d2082d9439c2f3d15564f03f003d4b1831f6c975229c13be671a33c216c2f7d93d93601c375980aa999d030d3bb69032157792f7fbddd1f2765
SSDEEP

98304:gAI+vDWbKaXOp1dFotsOfp8/+xBerRpHXaptins5mXj88ZlW7Xtj7sqXJN6zKT2T:HtCew+2sOfp6+rMKptOHXj88Z0PsqN6N

Score

10^/10

babadeda crypter discovery loader

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

30a64c61e75d116f706c23f451abaca5.exe

Resource

win7-20231215-en

babadeda crypter discovery loader

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

30a64c61e75d116f706c23f451abaca5.exe

Resource

win10v2004-20231215-en

windows10-2004-x64

3 signatures

150 seconds

Malware Config

Targets

- Target
  
  30a64c61e75d116f706c23f451abaca5
- Size
  
  5.9MB
- MD5
  
  30a64c61e75d116f706c23f451abaca5
- SHA1
  
  ed161a6087975bc583349e5109e2e425a20c11a4
- SHA256
  
  4af4a3e76358c3a932e5fa2bd23af3f73880a0f24d0841c299bea7f35dec8283
- SHA512
  
  785c4080092b8d2082d9439c2f3d15564f03f003d4b1831f6c975229c13be671a33c216c2f7d93d93601c375980aa999d030d3bb69032157792f7fbddd1f2765
- SSDEEP
  
  98304:gAI+vDWbKaXOp1dFotsOfp8/+xBerRpHXaptins5mXj88ZlW7Xtj7sqXJN6zKT2T:HtCew+2sOfp6+rMKptOHXj88Z0PsqN6N
Score

10^/10

babadeda crypter discovery loader
- Babadeda
  Babadeda is a crypter delivered as a legitimate installer and used to drop other malware families.
  loader crypter babadeda
- Babadeda Crypter
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

babadedacrypterdiscoveryloader

behavioral2

© 2018-2024

Terms | Privacy