babadeda | 4fe326571995d0c02e822c70ad842f70b5f217c4a8dd4ed979f196b60711e00b | Triage

Sharing

General

Target

e987477b0d14b6d7075f0105aa28ba92_JaffaCakes118
Size

4.8MB
Sample

240409-jzfyssde5v
MD5

e987477b0d14b6d7075f0105aa28ba92
SHA1

54bb1ac38e517b3adf97ccb38b0d3a8ce71b1fab
SHA256

4fe326571995d0c02e822c70ad842f70b5f217c4a8dd4ed979f196b60711e00b
SHA512

bb6fc302409d60e918d130a48708bd83851b50bda20481436ab65d2091d061e61018617c542cfb8df090f79992ce9393fed2341bd1b8a38af4829a2f4383af68
SSDEEP

98304:8Sis3whP2XB/9Jp3KbjnCDHMz+7ZrrZPx3AqadVQnnPcMj:S92x/vNungMIZfZPx3knQPck

Score

10^/10

babadeda crypter loader

Malware Config

Targets

- Target
  
  e987477b0d14b6d7075f0105aa28ba92_JaffaCakes118
- Size
  
  4.8MB
- MD5
  
  e987477b0d14b6d7075f0105aa28ba92
- SHA1
  
  54bb1ac38e517b3adf97ccb38b0d3a8ce71b1fab
- SHA256
  
  4fe326571995d0c02e822c70ad842f70b5f217c4a8dd4ed979f196b60711e00b
- SHA512
  
  bb6fc302409d60e918d130a48708bd83851b50bda20481436ab65d2091d061e61018617c542cfb8df090f79992ce9393fed2341bd1b8a38af4829a2f4383af68
- SSDEEP
  
  98304:8Sis3whP2XB/9Jp3KbjnCDHMz+7ZrrZPx3AqadVQnnPcMj:S92x/vNungMIZfZPx3knQPck
Score

10^/10

babadeda crypter loader
- Babadeda
  Babadeda is a crypter delivered as a legitimate installer and used to drop other malware families.
  loader crypter babadeda
- Babadeda Crypter
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

babadedacrypterloader

behavioral2

babadedacrypterloader