General

  • Target

    750c447d6e3c7d74ccab736a0082ef437b1cd2000d761d3aff2b73227457b29c

  • Size

    4.0MB

  • Sample

    240410-n239bshh5w

  • MD5

    fd0ed9f5ffa9c912ba8d677687776448

  • SHA1

    b7abe535dccf587c80cbcd2d4cc0c30e330b3a54

  • SHA256

    750c447d6e3c7d74ccab736a0082ef437b1cd2000d761d3aff2b73227457b29c

  • SHA512

    dc40402b2f77a3148a2ce3d86561b67c9c64a5a5492d7e6591c1bd2cd25de5d5a7e999637802b530b684d230b904a38b97ed95614ed5069f7d3293ca87bcf219

  • SSDEEP

    98304:E+CmYXmNfbqCePyvG02XIlnHNZvQkMkWmpWQ2Ga:EmumvGs/QVara

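The digests above are the only portable fingerprints this report gives, so the first thing a responder does with them is sweep hosts or file shares for matches. The following Python is an added example, not part of the report or of the sandbox's own tooling: the digest values are copied from the report, while the function names, the multi-algorithm lookup and the constructed self-check file are this example's own.

```python
"""Sweep a directory for files matching the fingerprints in this report.

Added example, not part of the sandbox report or its tooling. The digests
in REPORT_IOCS are copied from the report; everything else (function names,
the walk, the self-check) is this example's own.
"""
import hashlib
import os
import tempfile

ALGOS = ("md5", "sha1", "sha256", "sha512")

# Digest -> label. Keyed on the hex digest alone so an IOC list that mixes
# MD5, SHA1 and SHA256 values (common when merging feeds) still works.
REPORT_IOCS = {
    # submitted sample
    "750c447d6e3c7d74ccab736a0082ef437b1cd2000d761d3aff2b73227457b29c": "submitted sample (sha256)",
    "fd0ed9f5ffa9c912ba8d677687776448": "submitted sample (md5)",
    # dropped components the report flags
    "595017621ccc2b26e23d39c720c6bfaf29aa17997b59a8ba7e4506eea252b8ed": "AudioManagementConsole.exe (sha256)",
    "69977ef94e7abde5e40ebb1b2d639e3ae396c831a0b8671bdcd141f5f101a344": "wxwidgetsforms2.dll (sha256)",
}


def hash_file(path, chunk=1 << 20):
    """Return {algo: hexdigest} for one file, reading it once in chunks."""
    hashers = {a: hashlib.new(a) for a in ALGOS}
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            for h in hashers.values():
                h.update(block)
    return {a: h.hexdigest() for a, h in hashers.items()}


def scan_tree(root, iocs=REPORT_IOCS):
    """Walk root; return [(path, label)] for every file whose digest is an IOC."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                digests = hash_file(path)
            except OSError:
                continue  # locked or unreadable: skip it, keep sweeping
            for algo in ALGOS:
                label = iocs.get(digests[algo])
                if label:
                    hits.append((path, label))
                    break  # one hit per file is enough
    return hits


def selfcheck():
    """Hash a constructed 3-byte file and confirm the sweep logic end to end."""
    workdir = tempfile.mkdtemp()
    path = os.path.join(workdir, "abc.bin")
    with open(path, "wb") as f:
        f.write(b"abc")  # constructed input, not a sample from the report
    digests = hash_file(path)
    # Clean directory against the report's IOCs: no hits expected.
    clean = scan_tree(workdir)
    # Same directory with the test file's own SHA256 injected as an IOC: one hit.
    tainted = scan_tree(workdir, {digests["sha256"]: "test-ioc"})
    return digests, clean, [label for _p, label in tainted]


if __name__ == "__main__":
    d, clean, tainted = selfcheck()
    print(d["sha256"], clean, tainted)
```

Exact-hash matching only catches byte-identical files; a repacked or recompiled build of the same crypter will not match, which is what the SSDEEP values in the report are for (fuzzy matching needs the ssdeep library and is not shown here).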
Malware Config

Targets

    • Target

      750c447d6e3c7d74ccab736a0082ef437b1cd2000d761d3aff2b73227457b29c

    • Size

      4.0MB

    • MD5

      fd0ed9f5ffa9c912ba8d677687776448

    • SHA1

      b7abe535dccf587c80cbcd2d4cc0c30e330b3a54

    • SHA256

      750c447d6e3c7d74ccab736a0082ef437b1cd2000d761d3aff2b73227457b29c

    • SHA512

      dc40402b2f77a3148a2ce3d86561b67c9c64a5a5492d7e6591c1bd2cd25de5d5a7e999637802b530b684d230b904a38b97ed95614ed5069f7d3293ca87bcf219

    • SSDEEP

      98304:E+CmYXmNfbqCePyvG02XIlnHNZvQkMkWmpWQ2Ga:EmumvGs/QVara

    • Babadeda

      Babadeda is a crypter distributed disguised as a legitimate installer and used to drop other malware families.

    • Babadeda Crypter

    • OutSteel

      OutSteel is a file uploader and document stealer written in AutoIT.

    • OutSteel batch script

      Detects batch script dropped by OutSteel

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and browsing history.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Target

      AudioManagementConsole.exe

    • Size

      2.6MB

    • MD5

      54716603e1b2d01a507d5d0a3a3a104c

    • SHA1

      93b0407a05891fb797e3083c374af2e0dfb30634

    • SHA256

      595017621ccc2b26e23d39c720c6bfaf29aa17997b59a8ba7e4506eea252b8ed

    • SHA512

      b3ea1beef7f4b05afc5405877282f5d9c3588fb2bd0cdaa5616b82cbd752dec471e6d87a5ea16a478e3a26500c764a2bd38fd0e02a354029dee4e023d261aff0

    • SSDEEP

      49152:1ngd+5pMi88qiafG+aqVhTTRQMyLxe0n8CndcIx:1gd+5pMr8qRG+aqVhCSU

    • Babadeda

      Babadeda is a crypter distributed disguised as a legitimate installer and used to drop other malware families.

    • Babadeda Crypter

    • OutSteel

      OutSteel is a file uploader and document stealer written in AutoIT.

    • OutSteel batch script

      Detects batch script dropped by OutSteel

    • Deletes itself

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and browsing history.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Target

      Microsoft.Expression.Interactions.dll

    • Size

      105KB

    • MD5

      3034cc0d5cf3731ed90153aa616f3f59

    • SHA1

      aace8d26358d9829f0e6632bddf183534acfec0d

    • SHA256

      63cd5e8a60d77d1007352538a4285c60c0c3efb9c771035589105a284e4f63a9

    • SHA512

      88589b022d713d565342e331394ed5600d1fe346aa788e45e16cf51221ce898f10bd28c6a09fdc44d9ad94f25b4ed22c6f0eb28fa832863c01732def5b6c6086

    • SSDEEP

      1536:hf+YSZc1rj0oek7u05g3XG5rs+eUvNL3NX5S8caZkvsd65FAU9Qyx1NElSJK/Tr:R4ZYrj0oeOg325ragNDNP+AUzqSJMr

    • Score

      1/10

    • Target

      PocoInitializer.dll

    • Size

      64KB

    • MD5

      eb8c6b1f894093352397c7ae6a670261

    • SHA1

      2444b43d851bf93e34c4282732875af66ee0331e

    • SHA256

      9988bd57342edae24f6903b54e239b4b901b40c02c24c11552a8d20fc6207091

    • SHA512

      bd258ab9b9bc7ad08b019e09ab1c7e182cb883e20eedd561c5d4a0d4e333c7d13ef14b1a6ad76c4207dc9d73a1562a4ccc1052e948a7bb9db03f887f494c3091

    • SSDEEP

      1536:MimvYbkvGfnYP4+/okD0xlFjGBiaawZLkXOIYHrhg/QZE0X7QTHyb8:wYbkknYP4+/birfiLkXOIL/QZETHyb

    • Score

      1/10

    • Target

      System.Windows.Interactivity.dll

    • Size

      54KB

    • MD5

      580244bc805220253a87196913eb3e5e

    • SHA1

      ce6c4c18cf638f980905b9cb6710ee1fa73bb397

    • SHA256

      93fbc59e4880afc9f136c3ac0976ada7f3faa7cacedce5c824b337cbca9d2ebf

    • SHA512

      2666b594f13ce9df2352d10a3d8836bf447eaf6a08da528b027436bb4affaad9cd5466b4337a3eaf7b41d3021016b53c5448c7a52c037708cae9501db89a73f0

    • SSDEEP

      1536:BYQaIZaEmaOQxn6JxKjtlMZAnuETAV+w4:aIhOQcSLAj4

    • Score

      1/10

    • Target

      bass.dll

    • Size

      126KB

    • MD5

      d697cef8a405bddd95ad05d97e997b16

    • SHA1

      971cef29794c10b874e82e267237189bb680bb42

    • SHA256

      5c39202c34a55ad6b75914b2b9db5281fd9b5a7c61d5399a2527f37106b115e8

    • SHA512

      54dbf28bf47e2732ddfdcc48efcb8b92a52d86ba4b38c0943554bc0e631edf76e4a35d67f472e4ef8b2ae6b6949dac51998e27bcb4fdd374b0145126654f0b72

    • SSDEEP

      3072:8wbizLcb+pGOo7H07h4FaNXLeoszGre+bv8CIcBPkn0tm6t/2Ak4ggf:8Ki/cbnj0h73szGBXIVn0tX/HNr

    • Score

      1/10

    • Target

      bzip2.dll

    • Size

      66KB

    • MD5

      9795fa2b84f1bd02d947089083049194

    • SHA1

      bbbed966e9b7f8c3ea4a5c57e309b7d898680a9f

    • SHA256

      6e74f65f8c04aeae5da470f69df1998d88321520979ec8b7b34a1527ce682ec1

    • SHA512

      d8cbc416ac921ceaef0464ecf62546931c0d3f8c15d01a89fb869ad02c23035e5d94183f2a8d4d0e3a543d46e66aa3b9c33d083873d2fa3d1581443580c8d847

    • SSDEEP

      1536:tjKmxlJrFdjFjpX97hrV3OXl5FJ0SVsYnBFkGdZ8gUETLIF8JXe9Nvvvvvvvvvvv:tFxlbdjFjpX97hrV3OXl5FJ0SV8gUiLS

    • Score

      3/10

    • Target

      d3d10core.dll

    • Size

      33KB

    • MD5

      2a5354ad68b4a18df4a2b67e14da676d

    • SHA1

      4368c4322c670da4eddf1aa26fa83d1394f5fe6c

    • SHA256

      c67b0f17b91bf912ccd4d65e356ab6f2f85864677bc7b04ee072ed502064e607

    • SHA512

      2720679ec6d3524998daedfa872b8ae4d6a9afd3630eb9b2c5434d5c91e845ab4df5172621665789f064118fc76612bb288db218a6de8946d9709dc1945e126c

    • SSDEEP

      384:66dUkb2QAFX+Miy4OZ+Siv0lhivOWBy1sYRoWyoW4IBeQmoTHlfFRm49Mufjq7:66AF8wm0lhivOWEKYqeIXlXj

    • Score

      1/10

    • Target

      iconv.dll

    • Size

      32KB

    • MD5

      e1349d5e1238889819906f3e1fbe3b65

    • SHA1

      4099bbef8128ab2ce15767c2028169d89a69724e

    • SHA256

      f33efe8112f644383c0852e2232117f7b492264d74664bf70357666538c0b41d

    • SHA512

      5c725d32d17f7478a698e7b59e107e2ae0dd90ac1eccbf21cefacaa632d463149d9f221779ef01459c17bb3b4c2ea7eeaecf1b5ac251e961a4c9fed399cf6960

    • SSDEEP

      768:+4Hnnn9k2VhvWgUtAAfTspDHbMdiR2+Ga:+497V5UtDTsppY+Ga

    • Score

      3/10

    • Target

      libgthread-2.0-0.dll

    • Size

      43KB

    • MD5

      7ad6f303082b382bff7bafbab246c61f

    • SHA1

      8d94c4d4b0633a80e28504a3c694dd2bae252854

    • SHA256

      ee2e8485fdbfb2c5626099ccafcdc41ac60414dffd5c6c3befaf786634baf5c3

    • SHA512

      eee840f217ff65b22efd16e78fb898990116efdfb6ee1cbf9d9fb64b9f3209f18860f6477c1df60352fb242671d973dcac043134748f823d210fc393ed4e2598

    • SSDEEP

      768:OwrBdO1XBfXbbeHFolT8EiH8PWVLCfn7Hve2f3vSEWLxUswVwn:700Ojv1vwL7

    • Score

      1/10

    • Target

      wxwidgetsforms2.dll

    • Size

      2.0MB

    • MD5

      9e11ac70407744bea597411f505d16b8

    • SHA1

      90fddf31c2def7b655742a0f98181ee47b2835c8

    • SHA256

      69977ef94e7abde5e40ebb1b2d639e3ae396c831a0b8671bdcd141f5f101a344

    • SHA512

      fb68fa59897d95d1a909fcb32876efcc53880fbb804ad3ebbc97fbd4eee0cf4364f43517e92245754975a1c00ecca032b06efa03791d7179f1eb6d08620cde64

    • SSDEEP

      49152:qjvkBzUXDVXBAUZLYa2WhKuoGaX0nCTETl:ovkBgXJBAUZLf

    • Score

      10/10

    • Babadeda

      Babadeda is a crypter distributed disguised as a legitimate installer and used to drop other malware families.

    • Babadeda Crypter

    • Target

      xmlparse.dll

    • Size

      52KB

    • MD5

      4bf2029bbeda32417ed67f7b4cd924d2

    • SHA1

      507cc7823ecbbe1734d4cad0a760b021c80512b0

    • SHA256

      9a111643f7241d818a313fd8657f519dcff63a4235f5baa5a015abc65cb5073f

    • SHA512

      ef190e5dada4dfd2fd1a9e78bed8dca3222da1083258e4f428867e62ca39d7a42ee4fce2142304be45c4c5a093f24e4a11b7c64fb78e10017c88e1101afb2bad

    • SSDEEP

      768:Bqh2pNq38vL5VCdLOA89r7hSciQpEmqLr5BNMxvceJo93zp:zpg381V2Ox9rFScidLrNMxTo

    • Score

      1/10

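Three of the signatures above ("Reads user/profile data of web browsers", "Enumerates connected drives" and "AutoIT Executable") are simple enough to reproduce against a sandbox's own API log, which is useful when writing detections for the same behaviour elsewhere. The Python below is an added example and not Triage's signature code: the `api=<name> path=<arg>` log format and the log contents are constructed for this example, the browser-store paths are the standard Chrome, Edge and Firefox profile locations, and the `AU3!EA06` marker is the script-container signature that AutoIt3 embeds in the executables it compiles.

```python
"""Behavioural and static checks behind three signatures in this report.

Added example, not Triage's own signature code. The API-log format
(one 'api=<name> path=<arg>' record per line) and the log contents are
constructed for this example; the browser-store paths are the standard
Chrome/Edge/Firefox profile locations, and AU3!EA06 is the script-container
marker present in executables compiled by AutoIt3.
"""
import re

# Constructed sandbox log: what a dropped stealer might do on first run.
SAMPLE_LOG = """\
api=CreateFileW path=C:\\Users\\victim\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data
api=CreateFileW path=C:\\Users\\victim\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\x1y2.default\\logins.json
api=CreateFileW path=C:\\Windows\\System32\\kernel32.dll
api=GetDriveTypeW path=C:\\
api=GetDriveTypeW path=D:\\
api=CreateFileW path=E:\\
"""

LINE_RE = re.compile(r"api=(?P<api>\w+) path=(?P<path>.+)$")

# Credential and profile stores that infostealers read directly off disk.
BROWSER_DATA_RE = re.compile(
    r"\\Google\\Chrome\\User Data\\.*\\(Login Data|Cookies|Web Data)$"
    r"|\\Microsoft\\Edge\\User Data\\.*\\(Login Data|Cookies|Web Data)$"
    r"|\\Mozilla\\Firefox\\Profiles\\.*\\(logins\.json|key4\.db|cookies\.sqlite)$",
    re.IGNORECASE,
)

# A bare drive root such as D:\ (any API); C:\ is excluded in the check.
DRIVE_ROOT_RE = re.compile(r"^([A-Z]):\\$", re.IGNORECASE)

# Script-container marker embedded in AutoIt3-compiled executables.
AU3_MARKER = b"AU3!EA06"


def parse_log(text):
    """Turn the constructed log into (api, path) tuples; skip malformed lines."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            events.append((m.group("api"), m.group("path")))
    return events


def sig_reads_browser_data(events):
    """'Reads user/profile data of web browsers': which stores were opened."""
    return sorted({path for _api, path in events if BROWSER_DATA_RE.search(path)})


def sig_enumerates_drives(events):
    """'Enumerates connected drives': root-path access on drives other than C:."""
    drives = set()
    for _api, path in events:
        m = DRIVE_ROOT_RE.match(path)
        if m and m.group(1).upper() != "C":
            drives.add(m.group(1).upper())
    return sorted(drives)


def is_compiled_autoit(data: bytes) -> bool:
    """'AutoIT Executable': a PE image carrying the AutoIt3 script marker.

    Static heuristic only: a packer can hide the marker, and a legitimate
    AutoIt-compiled admin tool trips it too. Treat it as a triage hint.
    """
    return data[:2] == b"MZ" and AU3_MARKER in data


def run_signatures(log_text):
    """Return {signature name: evidence}; empty evidence means no match."""
    events = parse_log(log_text)
    return {
        "Reads user/profile data of web browsers": sig_reads_browser_data(events),
        "Enumerates connected drives": sig_enumerates_drives(events),
    }


if __name__ == "__main__":
    for name, evidence in run_signatures(SAMPLE_LOG).items():
        print(f"{name}: {evidence or 'no match'}")
    # Constructed stand-in for a compiled AutoIt3 binary (not a real PE image).
    fake_pe = b"MZ" + b"\x00" * 64 + AU3_MARKER + b"\x00" * 16
    print("AutoIT Executable:", is_compiled_autoit(fake_pe))
```

The drive check deliberately ignores which API touched the root: the report's wording ("attempts to read the root path") is about the target, not the call, and a stealer that walks removable media will reach D:\ through any of several file APIs. The browser check matches on the store filename rather than on the profile directory alone, because the profile directory is also read by benign software such as backup agents.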
MITRE ATT&CK Matrix (ATT&CK v13)

Tactic             Technique                      ID         Matches
Credential Access  Unsecured Credentials          T1552      2
                   Credentials In Files           T1552.001  2
Discovery          Query Registry                 T1012      2
                   Peripheral Device Discovery    T1120      2
                   System Information Discovery   T1082      3
Collection         Data from Local System         T1005      2

Tasks