Overview

overview

10

Static

static

1

ClipPlusCo...up.msi

windows7-x64

7

ClipPlusCo...up.msi

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    d97886f33e4198fa5d3d5e3f0b58f998.bin

  • Size

    17.0MB

  • Sample

    240201-dset9scahp

  • MD5

    f63764be56fe89d9aa3892f99b8dbab4

  • SHA1

    1edb81121585fe112425328f09cf4f15e29d3194

  • SHA256

    03ab69f48bc2dbe9eed9c025444c98fd25ddc947c4b93c50ce19421e331a4d65

  • SHA512

    df306b2adc80888309b049d2ddb9e6168cb444c0bf5783c7257754668e0aa1ed94cc02827358fcc4718639917f5ca44027b872bf3b1e4ed9ced91825ac164845

  • SSDEEP

    393216:gWCIangF1HdEiziOnMiBqWBVtCiedOXX8UKQrswDCIaXHvCevjJnG:7CIBF1HdEs5RVpNedOXME4qCIaXHKevI

Score
10/10
babadedacrypterloader

Malware Config

Targets

    • Target

      ClipPlusCommunitySetup.msi

    • Size

      17.1MB

    • MD5

      eb64b1dbb38961bdb4c0f4b724b1ed3d

    • SHA1

      a375bc847388cdddc6cffd57dc7f0c3d6be72cdf

    • SHA256

      cf5d6c68811f37d9ae1a9cc62abc1987fdd8900d271fdaa01d4a84853d7db10d

    • SHA512

      5c56b478f88002e10b3bea6ed2151a8e89e1693270effaa6ded943b1325b0d1e1a4aa9fa66fd8b372f70da86feab6cee781518bb50514dfb341a9767a01d36a7

    • SSDEEP

      393216:QnEbwdw5PBbXDqPiHNTS3ByWhGhz3iQw0FHufQMfh1GD6QGhNgqx9OPNQNI62vho:pbwdwnBtcFhG1w0MVZ1GD6QGhNpwsIne

    Score
    10/10
    babadedacrypterloader

    • Babadeda

      Babadeda is a crypter delivered as a legitimate installer and used to drop other malware families.

      loadercrypterbabadeda

    • Babadeda Crypter

    • Executes dropped EXE

    • Loads dropped DLL

    • Blocklisted process makes network request

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks