babadeda

General

Target

JaffaCakes118_f0b05b2333d9f421e29ea1c9d0ba0260
Size

7.5MB
Sample

250110-24eweaskdx
MD5

f0b05b2333d9f421e29ea1c9d0ba0260
SHA1

aa657e8ee8f4fa0e68bb15f980344dfd8e9561df
SHA256

ebaa5af691e844929d2cad60baf36b118db3fc4b0616ce8b9585838aaf4c34b6
SHA512

66db04869cd2d704c6da6958a708cb3aa17fc70eff9f8be98fe269e6ddac1015347cbc1c10d2bcda52bc1cf31ae42e49085561d817c32e29d7e575b4ce945875
SSDEEP

196608:pOWD5akOJ3Vekcb2tOaD3c5izrT8uKYRpA6mUcy4Jn:s05AV2AFDM5iPfAB/t

Score

10^/10

Malware Config

Extracted

Family

cryptbot

C2

veocou63.top

morizu06.top

Attributes

payload_url
http://tynpdi08.top/download.php?file=loungy.exe

Targets

- Target
  
  JaffaCakes118_f0b05b2333d9f421e29ea1c9d0ba0260
- Size
  
  7.5MB
- MD5
  
  f0b05b2333d9f421e29ea1c9d0ba0260
- SHA1
  
  aa657e8ee8f4fa0e68bb15f980344dfd8e9561df
- SHA256
  
  ebaa5af691e844929d2cad60baf36b118db3fc4b0616ce8b9585838aaf4c34b6
- SHA512
  
  66db04869cd2d704c6da6958a708cb3aa17fc70eff9f8be98fe269e6ddac1015347cbc1c10d2bcda52bc1cf31ae42e49085561d817c32e29d7e575b4ce945875
- SSDEEP
  
  196608:pOWD5akOJ3Vekcb2tOaD3c5izrT8uKYRpA6mUcy4Jn:s05AV2AFDM5iPfAB/t
Score

10^/10

babadeda cryptbot crypter discovery loader spyware stealer
- Babadeda
  Babadeda is a crypter delivered as a legitimate installer and used to drop other malware families.
  loader crypter babadeda
- Babadeda Crypter
- Babadeda family
  babadeda
- CryptBot
  CryptBot is a C++ stealer distributed widely in bundle with other software.
  spyware stealer cryptbot
- Cryptbot family
  cryptbot
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2
- Target
  
  AdvBackup.msi
- Size
  
  7.7MB
- MD5
  
  25ad5262c29d2ea7404bda26ef0188bd
- SHA1
  
  83f9194b6224defe5827c94c67c2d32808d71919
- SHA256
  
  a45f49a2506f2353a72a287630f6ce1ab002554c75fc65a19321366bdd29ed0f
- SHA512
  
  7c990871346fe2e9d18cb4a46cd8f7cec07f1d4d5430362f2c6c60d2cbd34ac3cc61da121e50cba5f3a3a964876e6f4dd34c5a93344daae959e0fe030d532088
- SSDEEP
  
  196608:Ou6xR3okM5G6HO1XvOJeQDlG73LDl8cgdtNb4Ccgyftd:Ou6n3O5G6H8/YND873nyZrIt
Score

10^/10

babadeda cryptbot crypter discovery loader persistence privilege_escalation spyware stealer
- Babadeda
  Babadeda is a crypter delivered as a legitimate installer and used to drop other malware families.
  loader crypter babadeda
- Babadeda Crypter
- Babadeda family
  babadeda
- CryptBot
  CryptBot is a C++ stealer distributed widely in bundle with other software.
  spyware stealer cryptbot
- Cryptbot family
  cryptbot
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral3 behavioral4