MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4fe08cc381f8f4ea6e3d8e34fddf094193ccbbcc1cae7217f0233893b9c566a2. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Babadeda


Vendor detections: 11


Intelligence 11 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 4fe08cc381f8f4ea6e3d8e34fddf094193ccbbcc1cae7217f0233893b9c566a2
SHA3-384 hash: 82806aee788c11c5581ce35787ffc9a2b0153b907c18d99a4253fe5f0de226ebb02073eac3efe0ae663923e49217de33
SHA1 hash: 6c31649e2dc18a9432b19e52ce7bf2014959be88
MD5 hash: 69a5fc20b7864e6cf84d0383779877a5
humanhash: may-march-zulu-saturn
File name:1.exe
Download: download sample
Signature Babadeda
Create hunting rule
File size:91'136 bytes
First seen:2022-03-26 06:48:48 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 2c5f2513605e48f2d8ea5440a870cb9e (60 x Babadeda, 6 x AveMariaRAT, 5 x CoinMiner)
ssdeep 1536:/7fbN3eEDhDPA/pICdUkbBtW7upvaLU0bI5taxKo0IOlnToIfawrOw:z7DhdC6kzWypvaQ0FxyNTBfa+
Threatray 1'611 similar samples on MalwareBazaar
TLSH T1A4936D41F3E202F7EAF2053100A6726F973663389764A8DBC74C2D529913AD5A63D3F9
Reporter tech_skeech
Tags:Babadeda exe HawkEye

Intelligence

File Origin
# of uploads :
1
# of downloads :
261
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
hawkeye
Create hunting rule
ID:
1
File name:
rip.rar
Verdict:
Malicious activity
Analysis date:
2022-03-22 00:56:27 UTC
Tags:
encrypted maldoc-57 evasion trojan opendir loader exploit CVE-2017-11882 keylogger hawkeye ransomware rat backdoor dcrat fareit pony stealer njrat bladabindi maze wannacry wannacryptor formbook sinkhole
Link:
https://app.any.run/tasks/d4fb17ce-71ca-4742-9dcd-453705b7e2d6

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/257995/
Detection(s):
SecuriteInfo.com.Trojan.GenericKD.34587420.17402.2208.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Searching for the window
Creating a file in the %temp% subdirectories
Running batch commands
Launching a process
Forced system process termination
Unauthorized injection to a recently created process
Searching for the browser window
DNS request
Sending a custom TCP request
Searching for synchronization primitives
Creating a file in the system32 subdirectories
Result
Malware family:
n/a
Score:
  6/10
Tags:
n/a
Link:
https://dragonfly.certego.net/analysis/11497/overview
Behaviour
MalwareBazaar
CPUID_Instruction
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
packed shell32.dll
Link:
https://www.filescan.io/uploads/623eb7741f204239482f957b/reports/a6c3fa69-e356-4b21-a941-6f960d9301a3/overview
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/6e90552d-e206-465a-afa9-3b723d7f9787
Result
Threat name:
Babadeda
Create hunting rule
Detection:
malicious
Classification:
troj
Score:
60 / 100
Link:
https://www.joesandbox.com/analysis/965028
Signature
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Yara detected Babadeda
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/4fe08cc381f8f4ea6e3d8e34fddf094193ccbbcc1cae7217f0233893b9c566a2/
Threat name:
Win32.PUA.Uwamson
Create hunting rule
Status:
Malicious
First seen:
2022-03-08 11:55:00 UTC
File Type:
PE (Exe)
Extracted files:
3
AV detection:
21 of 42 (50.00%)
Threat level:
  1/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=j7qizq4b7d2ou3r5ry2p3xyjigj4zo6mdsxhef7qem4jhoofm2ra._file
Verdict:
malicious
Similar samples:
3b6cbb6fde5051e6ec3ad23789968670c68f3ef82d8febe258e223c1487f42c4
Babadeda
6fc704900ddda4e22fd10ae2bf066c403a2567ce830d1b8fe7721231414382b7
Babadeda
80af29bf7cb3a8b904a8d11d34c13bd5a2dcf5b4798138c16c093b2b8a5a9105
Babadeda
83ae57bdc0f817111ab909f54ec0f33b84f6504596d2a55adf39a16c5cf1afc0
Babadeda
993afa5ca786935ff44f01d5495e0583034008d30d93eaac100e6d4325dfb89d
Babadeda
b3c03dc87f759a1b0336cb34993bed8d35f9b4e5b28295ff57ebb968875d14e9
Babadeda
cdd4ab01797a178b70303381028cb419a8550a15fa75bdb40f6d56bc289b7dcf
Babadeda
e7587776adecf859e137e7af3da4b9b6fd9428e6f89cc48d3a63886d490baaca
Babadeda
+ 1'601 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  6/10
Tags:
persistence
Link:
https://tria.ge/reports/220326-hlctjsebdl/
Behaviour
Enumerates system info in registry
Modifies Internet Explorer settings
Modifies registry class
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Drops file in Program Files directory
Adds Run key to start application
Legitimate hosting services abused for malware hosting/C2
Unpacked files
SH256 hash:
4fe08cc381f8f4ea6e3d8e34fddf094193ccbbcc1cae7217f0233893b9c566a2
MD5 hash:
69a5fc20b7864e6cf84d0383779877a5
SHA1 hash:
6c31649e2dc18a9432b19e52ce7bf2014959be88
Link:
https://www.unpac.me/results/9349afd9-869d-44f0-b39b-6dcc2c190e4b/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/4fe08cc381f8f4ea6e3d8e34fddf094193ccbbcc1cae7217f0233893b9c566a2

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Babadeda

Executable exe 4fe08cc381f8f4ea6e3d8e34fddf094193ccbbcc1cae7217f0233893b9c566a2

(this sample)

  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/257995/

Comments