babadeda

General

Target

03568d8040142366dfcb85e8af98b5b7b47061e0a29889a3df0063253dbe6200.exe
Size

9.4MB
Sample

241120-2rgt8svngv
MD5

b66c699191a8ab6b24d39438e496c57e
SHA1

86ec80a8662b4559314a51e5e183f5e0cc291775
SHA256

03568d8040142366dfcb85e8af98b5b7b47061e0a29889a3df0063253dbe6200
SHA512

4dbbbdfc530becf4b08178b1fe390bb4ad5a36cc6a7f7d0a9d51a1ddaa0a8a7f7e6757fabf5cb160ee6f2df54b83ece1f18e5feb600afe053ff7225d04f55ba7
SSDEEP

196608:26xqZc05LWdl1Z+UwN6E3wmnymNk+tacjMcqY55s/c8:/qZc0mvZ+ScorY55s/c8

Score

10^/10

Malware Config

Extracted

Family

bitrat

Version

1.38

C2

185.215.113.102:1234

Attributes

communication_password
5d55208d3d81a0bf50741250fe5b93d7
tor_process
tor

Targets

- Target
  
  03568d8040142366dfcb85e8af98b5b7b47061e0a29889a3df0063253dbe6200.exe
- Size
  
  9.4MB
- MD5
  
  b66c699191a8ab6b24d39438e496c57e
- SHA1
  
  86ec80a8662b4559314a51e5e183f5e0cc291775
- SHA256
  
  03568d8040142366dfcb85e8af98b5b7b47061e0a29889a3df0063253dbe6200
- SHA512
  
  4dbbbdfc530becf4b08178b1fe390bb4ad5a36cc6a7f7d0a9d51a1ddaa0a8a7f7e6757fabf5cb160ee6f2df54b83ece1f18e5feb600afe053ff7225d04f55ba7
- SSDEEP
  
  196608:26xqZc05LWdl1Z+UwN6E3wmnymNk+tacjMcqY55s/c8:/qZc0mvZ+ScorY55s/c8
Score

10^/10

babadeda bitrat crypter discovery loader trojan
- Babadeda
  Babadeda is a crypter delivered as a legitimate installer and used to drop other malware families.
  loader crypter babadeda
- Babadeda Crypter
- Babadeda family
  babadeda
- BitRAT
  BitRAT is a remote access tool written in C++ and uses leaked source code from other families.
  trojan bitrat
- Bitrat family
  bitrat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Babadeda Crypter

Babadeda family

BitRAT

Bitrat family

Checks computer location settings

Drops startup file

Executes dropped EXE

Loads dropped DLL

Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2