babadeda | 29c9cf0b382b8b55e5eca9051e1a848f94fffce83c6061911c3790c80a4ae86d | Triage

Submit
Reports

Overview

overview

Static

static

3d632bd26d...a5.exe

windows7-x64

3d632bd26d...a5.exe

windows10-2004-x64

1

Sharing

General

Target

3d632bd26d3b9e97523dc8c9ea8c7aa5
Size

22.1MB
Sample

240101-vg83eaghb8
MD5

3d632bd26d3b9e97523dc8c9ea8c7aa5
SHA1

837138c671370019337b7b75a98fdca4e93999e4
SHA256

29c9cf0b382b8b55e5eca9051e1a848f94fffce83c6061911c3790c80a4ae86d
SHA512

83734dbf5dcf8d6eed8b188eb0ab93030ee53c0b47dcce2f52a5680b3f1e3b625312745ab5c13fe32dc36d5963e378356ce7813c0a8389f54c08c583ca0353bc
SSDEEP

196608:GttgK19TxXaLttdCjwDhqTgcxx1gAIrJuHEUtFtLdTAfrJBPdYZ3r5kYA8YhW:4gKvlXaLttdC0w0cH1WuzjE2cT8YhW

Score

10^/10

babadeda crypter discovery loader

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

3d632bd26d3b9e97523dc8c9ea8c7aa5.exe

Resource

win7-20231215-en

babadeda crypter discovery loader

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

3d632bd26d3b9e97523dc8c9ea8c7aa5.exe

Resource

win10v2004-20231222-en

windows10-2004-x64

0 signatures

150 seconds

Malware Config

Targets

- Target
  
  3d632bd26d3b9e97523dc8c9ea8c7aa5
- Size
  
  22.1MB
- MD5
  
  3d632bd26d3b9e97523dc8c9ea8c7aa5
- SHA1
  
  837138c671370019337b7b75a98fdca4e93999e4
- SHA256
  
  29c9cf0b382b8b55e5eca9051e1a848f94fffce83c6061911c3790c80a4ae86d
- SHA512
  
  83734dbf5dcf8d6eed8b188eb0ab93030ee53c0b47dcce2f52a5680b3f1e3b625312745ab5c13fe32dc36d5963e378356ce7813c0a8389f54c08c583ca0353bc
- SSDEEP
  
  196608:GttgK19TxXaLttdCjwDhqTgcxx1gAIrJuHEUtFtLdTAfrJBPdYZ3r5kYA8YhW:4gKvlXaLttdC0w0cH1WuzjE2cT8YhW
Score

10^/10

babadeda crypter discovery loader
- Babadeda
  Babadeda is a crypter delivered as a legitimate installer and used to drop other malware families.
  loader crypter babadeda
- Babadeda Crypter
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

babadedacrypterdiscoveryloader

behavioral2

© 2018-2024

Terms | Privacy