babadeda | e9a858127f5f6e5e0e94ed655a2bf9ed228f87bc99d9b12113e27dcc84be3909 | Triage

Submit
Reports

Overview

overview

Static

static

1

e9a858127f...09.msi

windows7-x64

e9a858127f...09.msi

windows10-2004-x64

Sharing

General

Target

e9a858127f5f6e5e0e94ed655a2bf9ed228f87bc99d9b12113e27dcc84be3909
Size

6.5MB
Sample

240410-r4gd5aef9x
MD5

9e2b456c62b027c89b36dc9109e50f01
SHA1

617fddb80de29bc455c0ecfd4b64d194fe911541
SHA256

e9a858127f5f6e5e0e94ed655a2bf9ed228f87bc99d9b12113e27dcc84be3909
SHA512

18ee2debeac010286291d3af38b46cb29d2503e8056b5ab74120e6934e4b16396d894e323dc11eb5cd1902ea0c30fbac75f03dbda74ea670d3828d7b6318bf59
SSDEEP

98304:5p4wd88KSX2ylsm84rfq/03ZUVaxNv3DiPF1D/lAd3YR77vhBLAbRGH1oVda3WHx:Iwe8B21mNfq/0+IxgP5sE77vfLe04rs

Score

10^/10

babadeda outsteel crypter discovery loader spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

e9a858127f5f6e5e0e94ed655a2bf9ed228f87bc99d9b12113e27dcc84be3909.msi

Resource

win7-20240221-en

babadeda outsteel crypter discovery loader spyware stealer

windows7-x64

18 signatures

150 seconds

Behavioral task

behavioral2

Sample

e9a858127f5f6e5e0e94ed655a2bf9ed228f87bc99d9b12113e27dcc84be3909.msi

Resource

win10v2004-20240226-en

babadeda outsteel crypter discovery loader spyware stealer

windows10-2004-x64

19 signatures

150 seconds

Malware Config

Targets

- Target
  
  e9a858127f5f6e5e0e94ed655a2bf9ed228f87bc99d9b12113e27dcc84be3909
- Size
  
  6.5MB
- MD5
  
  9e2b456c62b027c89b36dc9109e50f01
- SHA1
  
  617fddb80de29bc455c0ecfd4b64d194fe911541
- SHA256
  
  e9a858127f5f6e5e0e94ed655a2bf9ed228f87bc99d9b12113e27dcc84be3909
- SHA512
  
  18ee2debeac010286291d3af38b46cb29d2503e8056b5ab74120e6934e4b16396d894e323dc11eb5cd1902ea0c30fbac75f03dbda74ea670d3828d7b6318bf59
- SSDEEP
  
  98304:5p4wd88KSX2ylsm84rfq/03ZUVaxNv3DiPF1D/lAd3YR77vhBLAbRGH1oVda3WHx:Iwe8B21mNfq/0+IxgP5sE77vfLe04rs
Score

10^/10

babadeda outsteel crypter discovery loader spyware stealer
- Babadeda
  Babadeda is a crypter delivered as a legitimate installer and used to drop other malware families.
  loader crypter babadeda
- Babadeda Crypter
- OutSteel
  OutSteel is a file uploader and document stealer written in AutoIT.
  stealer outsteel
- Modifies file permissions
  discovery
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

babadedaoutsteelcrypterdiscoveryloaderspywarestealer

behavioral2

babadedaoutsteelcrypterdiscoveryloaderspywarestealer

© 2018-2024

Terms | Privacy