babbleloader | a08db4c7b7bacc2bacd1e9a0ac7fbb91306bf83c279582f5ac3570a90e8b0f87[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

a08db4c7b7bacc2bacd1e9a0ac7fbb91306bf83c279582f5ac3570a90e8b0f87.exe
Size

1.6MB
MD5

fa3d03c319a7597712eeff1338dabf92
SHA1

f055ba8a644f68989edc21357c0b17fdf0ead77f
SHA256

a08db4c7b7bacc2bacd1e9a0ac7fbb91306bf83c279582f5ac3570a90e8b0f87
SHA512

80226bb11d56e4dc2dbc4fc6aade47db4ca4c539b25ee70b81465e984df0287d5efcadb6ec8bfc418228c61bd164447d62c4444030d31655aaeed342e2507ea1
SSDEEP

24576:ZMN6PENnBBQXf1UCyfGH32hEFS3qWcI6baD8U2ZuLCk4EB:ZM15BBwKjEF3M2A1

Score

10^/10

babbleloader

Malware Config

Signatures

Babbleloader family
babbleloader

Detects BabbleLoader Payload 1 IoCs

resource	yara_rule
sample	family_babbleloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a08db4c7b7bacc2bacd1e9a0ac7fbb91306bf83c279582f5ac3570a90e8b0f87.exe

Files

a08db4c7b7bacc2bacd1e9a0ac7fbb91306bf83c279582f5ac3570a90e8b0f87.exe
.exe windows:6 windows x64 arch:x64

fe99e7ecdc5c896e52392c8a198886e3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

SetStdHandle
GetCommandLineA
GetEnvironmentVariableA
SetEnvironmentVariableA
SetCurrentDirectoryA
FindClose
FindCloseChangeNotification
FindFirstChangeNotificationA
FindFirstFileA
FindNextChangeNotification
FindNextFileA
FindVolumeClose
GetDiskFreeSpaceExA
GetFileAttributesA
GetFileAttributesExA
GetFileSize
GetFileSizeEx
GetFullPathNameA
ReadFileEx
SetEndOfFile
SetFileAttributesA
UnlockFileEx
GetCompressedFileSizeA
AreFileApisANSI
GetTempPathA
GetVolumeInformationA
SetFileApisToOEM
HeapCreate
GetQueuedCompletionStatus
SleepEx
GetCurrentProcessId
ExitProcess
GetExitCodeProcess
GetCurrentThread
SetThreadPriority
SetThreadPriorityBoost
GetThreadPriorityBoost
GetThreadPriority
ExitThread
TerminateThread
GetExitCodeThread
ResumeThread
TlsSetValue
SetPriorityClass
GetPriorityClass
GetProcessId
GetProcessHandleCount
SetProcessPriorityBoost
SetThreadIdealProcessor
GetProcessShutdownParameters
GetProcessWorkingSetSize
QueueUserWorkItem
SetInformationJobObject
GetBinaryTypeA
GetProcessIoCounters
SwitchToFiber
ConvertFiberToThread
ConvertThreadToFiber
GetTapeStatus
GetStdHandle
BackupSeek
GetLogicalDriveStringsA
GetStartupInfoA
DefineDosDeviceA
QueryDosDeviceA
CopyFileA
CopyFileExA
MoveFileA
MoveFileWithProgressA
FindFirstVolumeA
FindNextVolumeA
GetVolumeNameForVolumeMountPointA
GetDateFormatA
GetTimeFormatA
GetStringTypeW
IsValidCodePage
CompareStringA
GetLocaleInfoA
GetNumberFormatA
EnumSystemGeoID
GetUserGeoID
ConvertDefaultLocale
SetThreadLocale
GetUserDefaultLangID
GetSystemDefaultLangID
GetSystemDefaultLCID
GetStringTypeExA
GetStringTypeA
GetConsoleCP
GetNumberOfConsoleInputEvents
ReadConsoleInputA
SetConsoleCtrlHandler
FillConsoleOutputAttribute
GenerateConsoleCtrlEvent
FlushConsoleInputBuffer
GetConsoleCursorInfo
SetConsoleCursorInfo
SetConsoleScreenBufferSize
SetConsoleCursorPosition
GetLargestConsoleWindowSize
WriteConsoleOutputCharacterA
ReadConsoleOutputCharacterA
ReadConsoleOutputAttribute
ScrollConsoleScreenBufferA
WriteConsoleOutputA
SetConsoleTitleA
GetNumberOfConsoleMouseButtons
GetConsoleFontSize
GetConsoleWindow
VerLanguageNameA
WriteConsoleW
CloseHandle
CreateFileW
SetFilePointerEx
GetConsoleMode
GetConsoleOutputCP
FlushFileBuffers
GetProcAddress
lstrcmpA
GetModuleHandleA
HeapReAlloc
HeapSize
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetModuleHandleW
RtlUnwindEx
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsFree
FreeLibrary
LoadLibraryExW
EncodePointer
RaiseException
RtlPcToFileHeader
WriteFile
GetModuleFileNameW
GetCurrentProcess
TerminateProcess
GetModuleHandleExW
HeapAlloc
HeapFree
FindFirstFileExW
FindNextFileW
GetACP
GetOEMCP
GetCPInfo
GetCommandLineW
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetFileType
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
LCMapStringW
GetProcessHeap

winspool.drv

WritePrinter
FindClosePrinterChangeNotification
FindNextPrinterChangeNotification
FindFirstPrinterChangeNotification
ScheduleJob
ReadPrinter
AbortPrinter

advapi32

DecryptFileA
GetUserNameA

dxgi

CreateDXGIFactory

Sections

.text
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 58KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fe99e7ecdc5c896e52392c8a198886e3

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

winspool.drv

advapi32

dxgi

Sections

.text Size: 1.5MB - Virtual size: 1.5MB

.rdata Size: 58KB - Virtual size: 57KB

.data Size: 18KB - Virtual size: 36KB

.pdata Size: 4KB - Virtual size: 3KB

.rsrc Size: 2KB - Virtual size: 1KB

.text
Size: 1.5MB - Virtual size: 1.5MB

.rdata
Size: 58KB - Virtual size: 57KB

.data
Size: 18KB - Virtual size: 36KB

.pdata
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 2KB - Virtual size: 1KB