General

  • Target: 1377deaa157a92de3c0a896f06f4cf24133e33cf2429a4119a8cb45ec2e84f79.exe
  • Size: 6.3MB
  • Sample: 241123-mffepszjbk
  • MD5: b5e7c64b883593034c6e5ebcc3261f8c
  • SHA1: c8ac9588bf5337b8c289ce5adebe8c77eb2700e7
  • SHA256: 1377deaa157a92de3c0a896f06f4cf24133e33cf2429a4119a8cb45ec2e84f79
  • SHA512: be52fd65caa9aacca6b02668055371147b580f4b516af7fc3c97836b56cdb549afd39404a10722c8baca97a724bee9b1f13e4c9e496c3bbd3bc97104489073a1
  • SSDEEP: 98304:zPdx/6o/EJ6N6ExIxrnumYqR2EPsobf+do1otZpEfnt7bctTLyxa0VP+PAvLREUo:zL6ocnTrueMZMFcd+xpVQAvLREUxyKbm

Malware Config

Extracted

  • Family: cryptbot
  • C2: veoimd43.top, moruhx04.top
  • Attributes
    • payload_url: http://tynauk05.top/download.php?file=lv.exe

Targets

    • Babadeda

      Babadeda is a crypter delivered as a legitimate installer and used to drop other malware families.

    • Babadeda Crypter

    • Babadeda family

    • CryptBot

      CryptBot is a C++ stealer that is widely distributed bundled with other software.

    • Cryptbot family

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks