babadeda | ea818f5bae6ddcc3f705b68882cd5ab338e425c7e73ae4d80a43379b6fa4d185 | Triage

Submit
Reports

Overview

overview

Static

static

9c405f1116...b7.exe

windows10-1703-x64

7

9c405f1116...b7.exe

windows10-2004-x64

Sharing

General

Target

16931369884.zip
Size

15.4MB
Sample

240430-tww6qaag4v
MD5

d3f54bfcf93ddbd10edca2372674289a
SHA1

69aea8e829fcd18b22859a8e7c050b0f1bc331fd
SHA256

ea818f5bae6ddcc3f705b68882cd5ab338e425c7e73ae4d80a43379b6fa4d185
SHA512

b862d56016f512c8a5284f9bde0b0758ec6ac28aeafc514294f613d2abd9c967a149582c2bcc2ed2ad2a3e98df62309176f790d1070ba96073a6cdf6f936b897
SSDEEP

393216:EfAKgEVRirA1NQ0AjKh3cw3oHQVve3K8vtz+kKp2bP:EfAc1nW+cKoHjpvtzHr

Score

10^/10

babadeda netsupport privateloader crypter discovery loader persistence rat

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

9c405f111624a3cc5b223a8600dde5ed07a69bb791a18e4024d3ed0a186495b7.exe

Resource

win10-20240404-en

windows10-1703-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

9c405f111624a3cc5b223a8600dde5ed07a69bb791a18e4024d3ed0a186495b7.exe

Resource

win10v2004-20240426-en

babadeda netsupport crypter discovery loader persistence rat

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Targets

- Target
  
  9c405f111624a3cc5b223a8600dde5ed07a69bb791a18e4024d3ed0a186495b7
- Size
  
  17.3MB
- MD5
  
  7a351dace7efa6ed21b0d2ea98d8ca5d
- SHA1
  
  79255b525aef00c4b3bc85e3a3419fd5300b97ae
- SHA256
  
  9c405f111624a3cc5b223a8600dde5ed07a69bb791a18e4024d3ed0a186495b7
- SHA512
  
  b65ca47f9cba68803b63a16d9603d1aca16a0ccce5b46c3908779caa6ecde2825de54ae80e1a95101bbc2fc57c40b17726cb0947233d240f1d9469288fa675f0
- SSDEEP
  
  393216:2qZy/L7D1LLVNnSf9b1Yjd9Z8h9v89l1:3Zy/LtLLVYBGdb8h18x
Score

10^/10

discovery babadeda netsupport crypter loader persistence rat
- Babadeda
  Babadeda is a crypter delivered as a legitimate installer and used to drop other malware families.
  loader crypter babadeda
- Babadeda Crypter
- NetSupport
  NetSupport is a remote access tool sold as a legitimate system administration software.
  rat netsupport
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

babadedanetsupportcrypterdiscoveryloaderpersistencerat

© 2018-2024

Terms | Privacy