babadeda | fad9151bdf6b42b534a4eca9c0fa331970fc0596e1ffd4fcba245b2a1cfc936b | Triage

Submit
Reports

Overview

overview

Static

static

1

cf88923b7d...0d.exe

windows10-2004-x64

Resubmissions

09-04-2024 10:33

240409-mls8racg53 10

14-11-2022 09:44

221114-lqqgzsbf6y 10

Sharing

General

Target

cf88923b7d0287884870af999a8d64f90c7deeb4c4d09feed406472ff259b30d.zip
Size

10.1MB
Sample

240409-mls8racg53
MD5

a5a6e80dcb7a51c02a16a02d695c1ffe
SHA1

57d7cc76940b0c249db60c90570874676beee4f4
SHA256

fad9151bdf6b42b534a4eca9c0fa331970fc0596e1ffd4fcba245b2a1cfc936b
SHA512

2fac7b091feca1bb13b3a8b2df0be51d67ebcce9682ffafce809415b951e7c2a60de322c1a33a5f6c6d9c5e1f1f02f0eb15889d1cc3dd4ff13c54d90fcf6b520
SSDEEP

196608:RZF79UcVBfPVPPLGEKffa06KgH0PduzXtFL84bGfuE7e8AMla4vhjS:F7icDDGRC0lgW2Xtt84ifuEq8PbjS

Score

10^/10

babadeda fickerstealer crypter infostealer loader

Static task

static1

Behavioral task

behavioral1

Sample

cf88923b7d0287884870af999a8d64f90c7deeb4c4d09feed406472ff259b30d.exe

Resource

win10v2004-20240226-en

babadeda fickerstealer crypter infostealer loader

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

fickerstealer

C2

prunerflowershop.com:80

Targets

- Target
  
  cf88923b7d0287884870af999a8d64f90c7deeb4c4d09feed406472ff259b30d.exe
- Size
  
  10.7MB
- MD5
  
  60bce89d8df5caa28d3d73ee4c94313a
- SHA1
  
  878e237aeb528a1e4c6c3fe53cb4ffd1c420231e
- SHA256
  
  cf88923b7d0287884870af999a8d64f90c7deeb4c4d09feed406472ff259b30d
- SHA512
  
  963629759df10731e7b49a113fd4eb462286d26d4b394bab89bea35f4515cc907d803b01313764b973ebd4876a40e2fff820ad6b10f7a142e74a31a836010665
- SSDEEP
  
  196608:yxthehwzf4soekmmf7zADj75xtw0QkyPAm2VxdG1P5K5S2njugWR:meCBoeq7adK7JonCxC7juR
Score

10^/10

babadeda fickerstealer crypter infostealer loader
- Babadeda
  Babadeda is a crypter delivered as a legitimate installer and used to drop other malware families.
  loader crypter babadeda
- Babadeda Crypter
- Fickerstealer
  Ficker is an infostealer written in Rust and ASM.
  infostealer fickerstealer
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

babadedafickerstealercrypterinfostealerloader

© 2018-2024

Terms | Privacy