Overview

overview

10

Static

static

1

bf77575e35...18.exe

windows7-x64

10

bf77575e35...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    bf77575e35353666d14f859329f809ca_JaffaCakes118

  • Size

    6.2MB

  • Sample

    240404-wzz3wsfc69

  • MD5

    bf77575e35353666d14f859329f809ca

  • SHA1

    bf6971bd549f142cbbc55af77ac62583c037dcf9

  • SHA256

    90d5e4b6604b118f18ec88b7f032454493c0f75616468d217e7a481678d3f8bd

  • SHA512

    628268b5b9190dc3c358ce22d61e353b14c2cb3bf80a721072c5b9581a3fef87105b2041d7a3c178143e4fa2f7c5412463b9849ce1ca7932623272b0f3535736

  • SSDEEP

    196608:L+gqLKB2pDcLmoduFZ1TS9zC262x7QDEMqQEd:L+jOB2pALm8i+H7+bqr

Score
10/10
babadedadarkvnccrypterloaderrat

Malware Config

Targets

    • Target

      bf77575e35353666d14f859329f809ca_JaffaCakes118

    • Size

      6.2MB

    • MD5

      bf77575e35353666d14f859329f809ca

    • SHA1

      bf6971bd549f142cbbc55af77ac62583c037dcf9

    • SHA256

      90d5e4b6604b118f18ec88b7f032454493c0f75616468d217e7a481678d3f8bd

    • SHA512

      628268b5b9190dc3c358ce22d61e353b14c2cb3bf80a721072c5b9581a3fef87105b2041d7a3c178143e4fa2f7c5412463b9849ce1ca7932623272b0f3535736

    • SSDEEP

      196608:L+gqLKB2pDcLmoduFZ1TS9zC262x7QDEMqQEd:L+jOB2pALm8i+H7+bqr

    Score
    10/10
    babadedadarkvnccrypterloaderrat

    • Babadeda

      Babadeda is a crypter delivered as a legitimate installer and used to drop other malware families.

      loadercrypterbabadeda

    • Babadeda Crypter

    • DarkVNC

      DarkVNC is a malicious version of the famous VNC software.

      ratdarkvnc

    • DarkVNC payload

      rat

    • Executes dropped EXE

    • Loads dropped DLL

    • Blocklisted process makes network request

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks