babbleloader | RUN[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

RUN.exe
Size

2.0MB
MD5

a1e2907bebd8e073c75eaff5fc4dd732
SHA1

33f3cadc6caa143b1d5961e2abdcf42fd01ab497
SHA256

0ad8513b62a778d7e426627be3ed2dbaf00d99b9802a1f566dc9203e3d311fc3
SHA512

52203c0b12f6c89937fc0e415ce305a2f232588e7adb540aeffcc2f157d4d1c6c3efb11d107bd7046746860241cf809264258ec28705a6d9cdf4841fed0f5107
SSDEEP

24576:yKNyoYE5ReKXScvNWl5Zy7gaIK2qODqhvlZPF1x7nzv7PkHafLIsVDRu6yB32/Nt:PyofReK7UgMaJdxDPkHyLFu4YPEZ

Score

10^/10

babbleloader

Malware Config

Signatures

Babbleloader family
babbleloader

Detects BabbleLoader Payload 1 IoCs

resource	yara_rule
sample	family_babbleloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
RUN.exe

Files

RUN.exe
.exe windows:6 windows x64 arch:x64

ae18b2b09a857feb4b3390408f106da3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

FindFirstVolumeW
FindNextVolumeW
FlushFileBuffers
GetDiskFreeSpaceExW
GetDriveTypeW
GetFileAttributesW
GetFileSizeEx
GetLogicalDrives
GetLogicalDriveStringsW
GetShortPathNameW
GetVolumePathNameW
LockFileEx
ReadFile
RemoveDirectoryW
SetEndOfFile
SetFileAttributesW
SetFilePointerEx
SetFileValidData
UnlockFile
WriteFile
GetQueuedCompletionStatus
CancelIo
SleepEx
GetProcessTimes
GetCurrentProcess
ExitProcess
SwitchToThread
GetCurrentThreadId
SetThreadPriority
SetThreadPriorityBoost
ExitThread
GetExitCodeThread
SuspendThread
ResumeThread
SetProcessShutdownParameters
GetStartupInfoW
GetProcessHandleCount
SetProcessPriorityBoost
GetThreadIOPendingFlag
SetThreadIdealProcessor
GetProcessShutdownParameters
SetProcessWorkingSetSize
QueueUserWorkItem
QueryInformationJobObject
SetProcessAffinityMask
SwitchToFiber
ConvertThreadToFiber
SetThreadAffinityMask
SetFileShortNameW
PrepareTape
SetTapeParameters
lstrcpynW
BackupSeek
CheckNameLegalDOS8Dot3W
MoveFileWithProgressW
SetVolumeLabelW
FindNextVolumeMountPointW
GetNumaProcessorNode
GetNumaAvailableMemoryNode
CompareStringW
GetStringTypeW
IsValidCodePage
GetCPInfo
FindFirstFileExW
GetLocaleInfoW
SetLocaleInfoW
IsValidLanguageGroup
EnumSystemGeoID
GetUserGeoID
SetUserGeoID
ConvertDefaultLocale
GetSystemDefaultUILanguage
GetThreadLocale
SetThreadLocale
GetUserDefaultLangID
GetUserDefaultLCID
GetStringTypeA
EnumUILanguagesW
SetConsoleMode
ReadConsoleInputW
PeekConsoleInputW
WriteConsoleW
SetConsoleCtrlHandler
SetConsoleActiveScreenBuffer
SetConsoleCP
GetConsoleCursorInfo
GetConsoleScreenBufferInfo
SetConsoleScreenBufferSize
SetConsoleWindowInfo
WriteConsoleOutputCharacterW
WriteConsoleOutputAttribute
ReadConsoleOutputCharacterW
ScrollConsoleScreenBufferW
ReadConsoleOutputW
GetNumberOfConsoleMouseButtons
GetConsoleFontSize
GetConsoleSelectionInfo
GetConsoleProcessList
CloseHandle
CreateFileW
GetConsoleMode
GetConsoleOutputCP
HeapReAlloc
HeapSize
GetProcessHeap
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
GetFileType
SetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
WideCharToMultiByte
MultiByteToWideChar
GetCommandLineW
GetCommandLineA
GetOEMCP
GetACP
FindFirstFileW
FindClose
DefineDosDeviceW
GetCurrentDirectoryW
SetCurrentDirectoryW
GetEnvironmentVariableW
LCMapStringW
GetModuleHandleA
FindNextFileW
HeapFree
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
InitializeSListHead
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
GetModuleHandleW
RtlUnwindEx
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
EncodePointer
RaiseException
RtlPcToFileHeader
GetStdHandle
GetModuleFileNameW
TerminateProcess
GetModuleHandleExW
HeapAlloc

winspool.drv

SetPrinterDataExW
ResetPrinterW
ConnectToPrinterDlg
SetPortW
ConfigurePortW
EnumFormsW
SetFormW
GetFormW
EnumPrintersW
SetPrinterDataW
EnumPrinterKeyW
EnumPrinterDataExW
EnumPrinterDataW
GetPrinterDataExW
GetPrinterDataW
FlushPrinter
GetPrinterW
SetPrinterW
EnumJobsW
GetJobW
SetJobW

version

VerInstallFileW
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
VerFindFileW

comctl32

ord412
ord410
ord14
ord15
ord13
PropertySheetW
ord413

dxgi

CreateDXGIFactory

Sections

.text
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ae18b2b09a857feb4b3390408f106da3

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

winspool.drv

version

comctl32

dxgi

Sections

.text Size: 1.9MB - Virtual size: 1.9MB

.rdata Size: 44KB - Virtual size: 43KB

.data Size: 4KB - Virtual size: 23KB

.pdata Size: 4KB - Virtual size: 3KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 1.9MB - Virtual size: 1.9MB

.rdata
Size: 44KB - Virtual size: 43KB

.data
Size: 4KB - Virtual size: 23KB

.pdata
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 2KB - Virtual size: 1KB