General

  • Target

    JaffaCakes118_1cf25999202dc9426ae5f2e7f77e67dfac062bb1a8a99dd9959b6451f3f499a0

  • Size

    83.9MB

  • Sample

    241223-1bdbfasjgl

  • MD5

    4af39f5f5f586b73c91dae10eb527949

  • SHA1

    0bd19b2327a1365753f555703eb1f20b2ab797f3

  • SHA256

    1cf25999202dc9426ae5f2e7f77e67dfac062bb1a8a99dd9959b6451f3f499a0

  • SHA512

    12ad79eb3b1be3f6e3dfa9a65f4bbba3d2ecf12f46cb360ba1a90e9188571ddc6ae68e25719c5e9b4194e77bdd038dd1cd7ec25187ffc7834c54bf69aa7c22bf

  • SSDEEP

    1572864:yi9S2rG8Xzsjq9+Jt2/JYul9eO+B7bgIykbQJd8Lmseadm14Bqt:yic2Ub2/JYW9eO+B7b5ykbSd8Lmseay5

Malware Config

Targets

    • Target

      PlexDlnaServer.exe

    • Size

      122.5MB

    • MD5

      c893af41e33ca5da0a8acf8ac623c2ae

    • SHA1

      65412f1aa3839e41a00adc2ebc7162880c258be7

    • SHA256

      42ccd61f1357d37d8c439082e195eed6eb0d3a6b060852ce57161b469919f778

    • SHA512

      20474b4ab6e85a7b33d544a5f8cdb5d6b03b86ee67b07a54a17ee6358d51abdcd0711a78999fceb83f971590707c62941f0d2c5d18abc1c091694ea29ceb517f

    • SSDEEP

      3145728:zvTXJ9SA7SJ4rS5rCf5PSiDLJHYbxYUBQDLfy/LEXwzce:zTJsrc56YLJHYVlBQHKN4

    • Babadeda

      Babadeda is a crypter delivered as a legitimate installer and used to drop other malware families.

    • Babadeda Crypter

    • Babadeda family

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Blocklisted process makes network request

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Enterprise v15

Tasks