General
- Target: JaffaCakes118_729ca5e881b7d03cb1691b722d04d9a12212950c808afa97197fb58d2c89060e
- Size: 4.9MB
- Sample: 241223-28m3ksvlgn
- MD5: 79f917d93112b6885a6119356a2d7195
- SHA1: 8690d12c8160712b588024f4fb9b13663b21f50b
- SHA256: 729ca5e881b7d03cb1691b722d04d9a12212950c808afa97197fb58d2c89060e
- SHA512: 3cd5cfbdd101a76c6b87a39c8b10ca0995a0959b645c47da9c4870b579b9466b779451d86f4b48a282bafb91ba1ca2d8d78baaacf3a31a2e6ca1bc20b6ef2426
- SSDEEP: 98304:H7Zzjbqatb4ahawrNgCNsXksc8tLg9HjeCQsDlfepv92n+1/HITUpioW5n/:bwS/PNgCNsUutaeCQsuw4gUIv/
Static task: static1
Behavioral task: behavioral1
- Sample: beb4c0c6486545826c2ec5fa5ba44d02abeb20558e55f47c51366523cacdde27.exe
- Resource: win7-20240903-en

Malware Config
Extracted
- Family: cryptbot
- cempqe34.top
- morbug03.top
Targets
- Target: beb4c0c6486545826c2ec5fa5ba44d02abeb20558e55f47c51366523cacdde27
  - Size: 6.3MB
  - MD5: 6e5e1bac0fa5768a191bde698e4832a1
  - SHA1: 9182bc5888b5b64618521260b1aa1f0daecd236d
  - SHA256: beb4c0c6486545826c2ec5fa5ba44d02abeb20558e55f47c51366523cacdde27
  - SHA512: 6ae6f422930c3d54bd88d86746d4e6027c280c3a3ceb5f22089512e8da10aad1cc1c7c1c1c524f67f490d332a452d039db88481e97a94d90cb75edf4db09094e
  - SSDEEP: 98304:FH7CgqLPRPYv7cZuwYx72XPo0+X86zVwE+F4mTE2h0ysdrPVX+wyDz0CQJX7n+EA:p+gqLKB2p/cwFFdQA0/P1y+x7Hz7hyys
- Babadeda Crypter
- Babadeda family
- Cryptbot family
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Blocklisted process makes network request
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
MITRE ATT&CK Enterprise v15
Defense Evasion
- Modify Registry (1)
- Subvert Trust Controls (1)
  - Install Root Certificate (1)
Credential Access
- Credentials from Password Stores (1)
  - Credentials from Web Browsers (1)
- Unsecured Credentials (2)
  - Credentials In Files (2)