General

  • Target

    89c3080450032840bb51a80be936d69e.bin

  • Size

    17.0MB

  • Sample

    240202-by969aagc8

  • MD5

    1779dd5752f6a356396f40b9142b08d9

  • SHA1

    b191cc58d73f5dba4145b58eed92ff4109bf9549

  • SHA256

    75f193ede0c901a7898b88ec92096f151bd1dd4f5bcd45e80047d5e35fb38a55

  • SHA512

    27324a3f6d86d1ba4a40d0705fabebdcdd56b2a2884c9b46112aa38dbec82d7b16cbd979bf5eeec09fff451e6476cea8ee14bf67cdd01a62f1e99b64d6ff82b1

  • SSDEEP

    393216:+e1LY7Rnf+1KSfDC2K+zSFBRgM1cePD4TlAkW2nivkfAEObgmE:M9f+cS+CWkM19MTnWqmfE/

Score
10/10

Malware Config

Targets

    • Target

      ClipPlusCommunitySetup_ns.msi

    • Size

      17.1MB

    • MD5

      b82ada91e8742234257d9cad38deebfe

    • SHA1

      d1278efa9729f955de1dbfcfe53550e67212ff9b

    • SHA256

      3c8a05c5e2b599db85700ff9334a778efd2a99f6b4a1852aa0c129ba6039f834

    • SHA512

      676d29697382b1375c7da26fcd6af20a7c5fb9f0f506c951c7280c7da12778d40fcfb1ef50653628123edf6cba8308d43a4945489a5f6b58e67dcc61d6fd373b

    • SSDEEP

      393216:bnEbwdw5PBbXDqPiHNTS3ByWhGhz3iQw0FHufQMfh1GD6QGhNgqx9OPNQNI62vhp:wbwdwnBtcFhG1w0MVZ1GD6QGhNpwsIn/

    Score
    10/10
    • Babadeda

      Babadeda is a crypter delivered as a legitimate installer and used to drop other malware families.

    • Babadeda Crypter

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Matrix (ATT&CK v13)

Discovery

  • Query Registry (T1012): 2

  • Peripheral Device Discovery (T1120): 2

  • System Information Discovery (T1082): 3

Tasks