babadeda | cf5d6c68811f37d9ae1a9cc62abc1987fdd8900d271fdaa01d4a84853d7db10d | Triage

Submit
Reports

Overview

overview

Static

static

1

cf5d6c6881...0d.msi

windows10-2004-x64

Sharing

General

Target

cf5d6c68811f37d9ae1a9cc62abc1987fdd8900d271fdaa01d4a84853d7db10d
Size

17.1MB
Sample

240319-vhk2zaha95
MD5

eb64b1dbb38961bdb4c0f4b724b1ed3d
SHA1

a375bc847388cdddc6cffd57dc7f0c3d6be72cdf
SHA256

cf5d6c68811f37d9ae1a9cc62abc1987fdd8900d271fdaa01d4a84853d7db10d
SHA512

5c56b478f88002e10b3bea6ed2151a8e89e1693270effaa6ded943b1325b0d1e1a4aa9fa66fd8b372f70da86feab6cee781518bb50514dfb341a9767a01d36a7
SSDEEP

393216:QnEbwdw5PBbXDqPiHNTS3ByWhGhz3iQw0FHufQMfh1GD6QGhNgqx9OPNQNI62vho:pbwdwnBtcFhG1w0MVZ1GD6QGhNpwsIne

Score

10^/10

babadeda lumma crypter loader stealer

Static task

static1

Behavioral task

behavioral1

Sample

cf5d6c68811f37d9ae1a9cc62abc1987fdd8900d271fdaa01d4a84853d7db10d.msi

Resource

win10v2004-20240226-en

babadeda lumma crypter loader stealer

windows10-2004-x64

17 signatures

150 seconds

Malware Config

Extracted

Family

lumma

C2

https://telldruggcommitetter.shop/api

https://secretionsuitcasenioise.shop/api

https://modestessayevenmilwek.shop/api

https://triangleseasonbenchwj.shop/api

Targets

- Target
  
  cf5d6c68811f37d9ae1a9cc62abc1987fdd8900d271fdaa01d4a84853d7db10d
- Size
  
  17.1MB
- MD5
  
  eb64b1dbb38961bdb4c0f4b724b1ed3d
- SHA1
  
  a375bc847388cdddc6cffd57dc7f0c3d6be72cdf
- SHA256
  
  cf5d6c68811f37d9ae1a9cc62abc1987fdd8900d271fdaa01d4a84853d7db10d
- SHA512
  
  5c56b478f88002e10b3bea6ed2151a8e89e1693270effaa6ded943b1325b0d1e1a4aa9fa66fd8b372f70da86feab6cee781518bb50514dfb341a9767a01d36a7
- SSDEEP
  
  393216:QnEbwdw5PBbXDqPiHNTS3ByWhGhz3iQw0FHufQMfh1GD6QGhNgqx9OPNQNI62vho:pbwdwnBtcFhG1w0MVZ1GD6QGhNpwsIne
Score

10^/10

babadeda lumma crypter loader stealer
- Babadeda
  Babadeda is a crypter delivered as a legitimate installer and used to drop other malware families.
  loader crypter babadeda
- Babadeda Crypter
- Lumma Stealer
  An infostealer written in C++ first seen in August 2022.
  stealer lumma
- Blocklisted process makes network request
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

babadedalummacrypterloaderstealer

© 2018-2024

Terms | Privacy