General
-
Target
d4d4aa7d621379645d28f3a16b3ba41b971216869f5448ea5c1fc2e78cfecb26
-
Size
7.6MB
-
Sample
240410-rpa9kaah39
-
MD5
ed1deddf6287d2435e1c4c02daf0278d
-
SHA1
7b67ed1f42e5cf388a0a981566598e716d9b4f99
-
SHA256
d4d4aa7d621379645d28f3a16b3ba41b971216869f5448ea5c1fc2e78cfecb26
-
SHA512
59fca204756d029f33bb6211c59fd1cd480fd106a7ed8d463d4d1400065ac929f21bf90562eaed88a4ba8ca376eedac537a6b635c81b3fa255d6b3a76eeb4b3b
-
SSDEEP
196608:V+gqLKB2pMcJa4n6Sq7YPi8TzF1Onq2f+VUGdGQcx+lEL:V+jOB2pvJx6SqgigF1UmJ/OL
Malware Config
Targets
-
-
Target
d4d4aa7d621379645d28f3a16b3ba41b971216869f5448ea5c1fc2e78cfecb26
-
Size
7.6MB
-
MD5
ed1deddf6287d2435e1c4c02daf0278d
-
SHA1
7b67ed1f42e5cf388a0a981566598e716d9b4f99
-
SHA256
d4d4aa7d621379645d28f3a16b3ba41b971216869f5448ea5c1fc2e78cfecb26
-
SHA512
59fca204756d029f33bb6211c59fd1cd480fd106a7ed8d463d4d1400065ac929f21bf90562eaed88a4ba8ca376eedac537a6b635c81b3fa255d6b3a76eeb4b3b
-
SSDEEP
196608:V+gqLKB2pMcJa4n6Sq7YPi8TzF1Onq2f+VUGdGQcx+lEL:V+jOB2pvJx6SqgigF1UmJ/OL
Score10/10-
Babadeda
Babadeda is a crypter delivered as a legitimate installer and used to drop other malware families.
-
Babadeda Crypter
-
OutSteel
OutSteel is a file uploader and document stealer written in AutoIT.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Blocklisted process makes network request
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
AutoIT Executable
AutoIT scripts compiled to PE executables.
-