General

  • Target

    eb64b1dbb38961bdb4c0f4b724b1ed3d.bin

  • Size

    17.0MB

  • Sample

    240201-dzgx7sccbq

  • MD5

    4d013906c17f77b96d467aa78eb3ef90

  • SHA1

    424cdc9eee2e544a78f28b1dc8c53fcd98cc38ce

  • SHA256

    88430144366f4833f7e71c205f09cc4d2ea08983a8a8b98122c1989a9712f622

  • SHA512

    8938eca845ad54810ff3d3f1cc47bd7e89c34ecc3984f74ae902323b8ea96bf2e66cdce132850d26dbb1562838a60e19da5f084fa6a44dfab0d8e03bcb7004e7

  • SSDEEP

    393216:DhMHZe/M01gcPJc2hXJv0lV3comL0Hh9rjriA9tai5gNHcX3:DhM5UrguXQlBlm0h9qUvCK3

Score
10/10

Malware Config

Targets

    • Target

      cf5d6c68811f37d9ae1a9cc62abc1987fdd8900d271fdaa01d4a84853d7db10d.msi

    • Size

      17.1MB

    • MD5

      eb64b1dbb38961bdb4c0f4b724b1ed3d

    • SHA1

      a375bc847388cdddc6cffd57dc7f0c3d6be72cdf

    • SHA256

      cf5d6c68811f37d9ae1a9cc62abc1987fdd8900d271fdaa01d4a84853d7db10d

    • SHA512

      5c56b478f88002e10b3bea6ed2151a8e89e1693270effaa6ded943b1325b0d1e1a4aa9fa66fd8b372f70da86feab6cee781518bb50514dfb341a9767a01d36a7

    • SSDEEP

      393216:QnEbwdw5PBbXDqPiHNTS3ByWhGhz3iQw0FHufQMfh1GD6QGhNgqx9OPNQNI62vho:pbwdwnBtcFhG1w0MVZ1GD6QGhNpwsIne

    Score
    10/10
    • Babadeda

      Babadeda is a crypter that ships disguised as a legitimate installer (here an MSI) and is used to drop other malware families.

    • Babadeda Crypter

    • Executes dropped EXE

    • Loads dropped DLL

    • Blocklisted process makes network request

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.
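Before spending time on a report like this one, a practitioner should confirm that the file in hand is the artefact the report describes, and that the two hash sets on the page are internally consistent (the submission is named after the inner MSI's MD5, and the extracted target after its own SHA256). The following Python is an added example, not code from the sandbox or from the Babadeda sample; it embeds the digests printed above, verifies them for length and hex format, compares them against a file or byte string, and checks the naming convention observed on this page. SSDEEP is left out because computing it needs a third-party library; the naming rule is an observation from this report, not a documented sandbox rule.

```python
import hashlib
import re
import sys

# Hex-digest lengths for the algorithms the report lists.
DIGEST_HEX_LEN = {"md5": 32, "sha1": 40, "sha256": 64, "sha512": 128}

# Values copied from the report above: the .bin wrapper that was submitted
# ("outer") and the .msi the sandbox extracted from it ("inner").
REPORT = {
    "outer": {
        "name": "eb64b1dbb38961bdb4c0f4b724b1ed3d.bin",
        "md5": "4d013906c17f77b96d467aa78eb3ef90",
        "sha1": "424cdc9eee2e544a78f28b1dc8c53fcd98cc38ce",
        "sha256": "88430144366f4833f7e71c205f09cc4d2ea08983a8a8b98122c1989a9712f622",
        "sha512": "8938eca845ad54810ff3d3f1cc47bd7e89c34ecc3984f74ae902323b8ea96bf2"
                  "e66cdce132850d26dbb1562838a60e19da5f084fa6a44dfab0d8e03bcb7004e7",
    },
    "inner": {
        "name": "cf5d6c68811f37d9ae1a9cc62abc1987fdd8900d271fdaa01d4a84853d7db10d.msi",
        "md5": "eb64b1dbb38961bdb4c0f4b724b1ed3d",
        "sha1": "a375bc847388cdddc6cffd57dc7f0c3d6be72cdf",
        "sha256": "cf5d6c68811f37d9ae1a9cc62abc1987fdd8900d271fdaa01d4a84853d7db10d",
        "sha512": "5c56b478f88002e10b3bea6ed2151a8e89e1693270effaa6ded943b1325b0d1e"
                  "1a4aa9fa66fd8b372f70da86feab6cee781518bb50514dfb341a9767a01d36a7",
    },
}


def hash_bytes(data: bytes) -> dict:
    """Return the four report-style digests of data as lowercase hex."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in DIGEST_HEX_LEN}


def hash_file(path: str, chunk_size: int = 1 << 20) -> dict:
    """Same as hash_bytes, but streams the file so a 17 MB sample is not read whole."""
    hashers = {algo: hashlib.new(algo) for algo in DIGEST_HEX_LEN}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {algo: h.hexdigest() for algo, h in hashers.items()}


def malformed_digests(expected: dict) -> list:
    """Names of digests that are not hex of the right length. A truncated or
    mis-copied hash in a report would otherwise just look like a mismatch."""
    bad = []
    for algo, length in DIGEST_HEX_LEN.items():
        value = expected.get(algo)
        if value is not None and not re.fullmatch(r"[0-9a-fA-F]{%d}" % length, value):
            bad.append(algo)
    return bad


def verify_digests(actual: dict, expected: dict) -> list:
    """Return (algo, expected, actual) for every digest that does not match.
    Algorithms absent from `expected` are not checked; case is ignored."""
    mismatches = []
    for algo in DIGEST_HEX_LEN:
        if algo in expected and expected[algo].lower() != actual[algo]:
            mismatches.append((algo, expected[algo].lower(), actual[algo]))
    return mismatches


def naming_inconsistencies(report: dict) -> list:
    """Check the convention seen on this page (an assumption, not a documented
    rule): the submission is named <inner md5>.bin and the extracted target
    <inner sha256>.msi. Returns a description of every violated rule."""
    problems = []
    outer, inner = report["outer"], report["inner"]
    if outer["name"] != inner["md5"] + ".bin":
        problems.append("outer name does not match inner md5")
    if inner["name"] != inner["sha256"] + ".msi":
        problems.append("inner name does not match inner sha256")
    return problems


if __name__ == "__main__":
    # Usage: python verify_sample.py <path-to-file> [outer|inner]
    target = sys.argv[2] if len(sys.argv) > 2 else "inner"
    expected = REPORT[target]
    if malformed_digests(expected) or naming_inconsistencies(REPORT):
        print("report data is inconsistent; do not trust it blindly")
    for algo, want, got in verify_digests(hash_file(sys.argv[1]), expected):
        print(f"{algo}: expected {want}, got {got}")
```

Run it against the MSI you actually hold (the inner entry) or the wrapper you downloaded (the outer entry); an empty mismatch list means the file is the one the sandbox analysed, and a non-empty malformed list means the report itself was copied badly and should be re-fetched from the source.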

MITRE ATT&CK Matrix (ATT&CK v13)

Discovery (technique, ATT&CK ID, number of matches)

  • Query Registry (T1012): 2
  • Peripheral Device Discovery (T1120): 2
  • System Information Discovery (T1082): 3
