MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 12a36301b6e64f51063aca4beeb5c3bcfa3b38787332fe0bfdda806777a43720. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Babadeda


Vendor detections: 10


Intelligence 10 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 12a36301b6e64f51063aca4beeb5c3bcfa3b38787332fe0bfdda806777a43720
SHA3-384 hash: c9fc2b1f34e077051f70b296f216f9e3eafddbe4629bc04b6f7086a8964df7095dc6fd63627c175529acaf0cd6e8f0ff
SHA1 hash: 1126b733be6207d2d7dbb27ddeab1da5ee76d6df
MD5 hash: 901b40870c0d6539f9d81eec7b34e617
humanhash: nitrogen-network-double-alpha
File name:EXC.exe
Download: download sample
Signature Babadeda
Create hunting rule
File size:4'072'960 bytes
First seen:2022-06-23 12:26:21 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 5877688b4859ffd051f6be3b8e0cd533 (119 x Babadeda, 2 x DCRat, 2 x RedLineStealer)
ssdeep 98304:qTTqLCSU545gJoeFiue5KeDtuRz49Hp3rKLi+AAR:qSCF545gJn5eZDMZ6xKe8R
Threatray 2'050 similar samples on MalwareBazaar
TLSH T1CD16330EE3F08A32E3C2067259FDBA75122F566C1B1219C7D77F368260152D4687A7BD
TrID 37.8% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13)
20.0% (.EXE) Microsoft Visual C++ compiled executable (generic) (16529/12/5)
12.7% (.EXE) Win64 Executable (generic) (10523/12/4)
7.9% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
6.1% (.EXE) Win16 NE executable (generic) (5038/12/1)
Reporter Anonymous
Tags:Babadeda exe


Avatar
Anonymous
Retrieved from: https://mega.nz/file/VmgD1ayA#KIDsnscV309OWmEr_eBWLTyV8d7e2F0ymqRj0-Vgsjo

Intelligence

File Origin
# of uploads :
1
# of downloads :
256
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/282634/
Result
Verdict:
Suspicious
Maliciousness:

Behaviour
Creating a file in the %temp% subdirectories
Сreating synchronization primitives
Running batch commands
Creating a process with a hidden window
Creating a process from a recently created file
Searching for the window
Launching cmd.exe command interpreter
Result
Malware family:
n/a
Score:
  6/10
Tags:
n/a
Link:
https://dragonfly.certego.net/analysis/22470/overview
Behaviour
MalwareBazaar
CPUID_Instruction
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
packed shell32.dll
Link:
https://www.filescan.io/uploads/62b45c1a62d792dc573f0d9b/reports/98ebba0f-6db8-4ea4-b731-104a290c8f17/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/cb367e29-bb3a-4cde-9391-0999ffdc816e
Result
Threat name:
Babadeda
Create hunting rule
Detection:
malicious
Classification:
troj.evad
Score:
72 / 100
Link:
https://www.joesandbox.com/analysis/1018623
Signature
Detected unpacking (overwrites its own PE header)
Machine Learning detection for dropped file
Machine Learning detection for sample
Multi AV Scanner detection for dropped file
Yara detected Babadeda
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 651119 Sample: EXC.exe Startdate: 23/06/2022 Architecture: WINDOWS Score: 72 27 Multi AV Scanner detection for dropped file 2->27 29 Yara detected Babadeda 2->29 31 Machine Learning detection for sample 2->31 33 Machine Learning detection for dropped file 2->33 7 EXC.exe 16 2->7         started        process3 file4 19 C:\Users\user\AppData\Local\Temp\...XC.exe, PE32 7->19 dropped 21 C:\Users\user\AppData\Local\...\taskbar.exe, PE32 7->21 dropped 23 C:\Users\user\...\resolution-changer.exe, PE32 7->23 dropped 25 3 other files (none is malicious) 7->25 dropped 35 Detected unpacking (overwrites its own PE header) 7->35 11 cmd.exe 1 7->11         started        signatures5 process6 process7 13 conhost.exe 11->13         started        15 cmd.exe 1 11->15         started        17 taskbar.exe 11->17         started       
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/12a36301b6e64f51063aca4beeb5c3bcfa3b38787332fe0bfdda806777a43720/
Threat name:
Win32.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2022-06-23 12:27:15 UTC
File Type:
PE (Exe)
Extracted files:
3
AV detection:
11 of 26 (42.31%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=ckrwganw4zhvcbr2zjf65nodxt5dwodyomzp4c753kago55eg4qa._file
Verdict:
malicious
Similar samples:
266a45969422bf72c70f51789a21f70f175f12a1e8b387b0dfcf6bf3f71c68e4
Babadeda
39233ad29392ccae0a5f1a13569d11baf3b942b57dd01de2ec15288beb8ec02c
Babadeda
4af7e9ab79d451adaa60f6ce0837113da64398b9ab9dbfd31521549c8719dfa1
Babadeda
68468e56e132b170aabb28e2868b1dbd0bf40f14c0b0406fe78ad3c71ce9f527
Babadeda
98eaad7740c03a9ebdf1c694333de75adf6edab153bc6457d354d2a6457d093f
Babadeda
bb9f047f33e2dd16aa3b8fd1b43f3719cedbc671f66b5aaf70139a63e015e754
Babadeda
cd44397176993e5f5f33754c4300b5735f3fd7859506d0647689aa7759ebe9cc
Babadeda
eda69c9baceb0b4fc02c469aac89bc73b006efb2041390eb4270e56a8ced0265
Babadeda
ee0e754ae6cc20656a4c2a4f43b25978fa0d725136a880b7924c1395f6b30e9b
Babadeda
+ 2'040 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  8/10
Tags:
n/a
Link:
https://tria.ge/reports/220623-pmq6wschgj/
Behaviour
Suspicious behavior: CmdExeWriteProcessMemorySpam
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Checks computer location settings
Executes dropped EXE
Unpacked files
SH256 hash:
a6e20e4080427bbccb85f36535de031f1670b52996e7f1dafc3fa25e77b7a502
MD5 hash:
7fb60472ad4f0c3763582b547c406fa8
SHA1 hash:
47d27344ec8b8569b059b4ddca455def2cda2533
Link:
https://www.unpac.me/results/cf458818-297c-409a-a64c-5338e8d7d2a2/
SH256 hash:
12a36301b6e64f51063aca4beeb5c3bcfa3b38787332fe0bfdda806777a43720
MD5 hash:
901b40870c0d6539f9d81eec7b34e617
SHA1 hash:
1126b733be6207d2d7dbb27ddeab1da5ee76d6df
Link:
https://www.unpac.me/results/cf458818-297c-409a-a64c-5338e8d7d2a2/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/12a36301b6e64f51063aca4beeb5c3bcfa3b38787332fe0bfdda806777a43720

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Babadeda

Executable exe 12a36301b6e64f51063aca4beeb5c3bcfa3b38787332fe0bfdda806777a43720

(this sample)

  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/282634/

Comments