MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 80af29bf7cb3a8b904a8d11d34c13bd5a2dcf5b4798138c16c093b2b8a5a9105. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Babadeda


Vendor detections: 9


Intelligence 9 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 80af29bf7cb3a8b904a8d11d34c13bd5a2dcf5b4798138c16c093b2b8a5a9105
SHA3-384 hash: cf29f5aa139e96d39a2e53835778029b9b068930c854375d2d37600aa126122fe98694587a4fd78635fc9b9d1e4b00c1
SHA1 hash: a01b8d4e92303d8000e7f4fb4295a62d6d9c078f
MD5 hash: 4e12842ae68b60517f385314ccfa4d2f
humanhash: island-lithium-emma-delaware
File name:63164486.exe
Download: download sample
Signature Babadeda
Create hunting rule
File size:357'376 bytes
First seen:2022-03-22 05:23:27 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 2c5f2513605e48f2d8ea5440a870cb9e (60 x Babadeda, 6 x AveMariaRAT, 5 x CoinMiner)
ssdeep 6144:XBlkZvaF4NTBbALJPPkj27/Hd3edEqyuFlABsp47eL7/sPxcvAd8R1YA:XoSWNTRALd97/ZeOaFlBaSLL1VcA
Threatray 123 similar samples on MalwareBazaar
TLSH T184740115F3E141F2E6E1047101FB326F9736A7244764A9EFC79C2E92A513AC1A63D2F8
Reporter adm1n_usa32
Tags:Babadeda exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
213
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/253994/
Detection(s):
SecuriteInfo.com.Trojan.GenericKD.34587420.17402.2208.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Searching for the window
Creating a file in the %temp% subdirectories
Running batch commands
Creating a process from a recently created file
Creating a window
Sending an HTTP GET request
DNS request
Sending a custom TCP request
Query of malicious DNS domain
Sending a TCP request to an infection source
Result
Malware family:
n/a
Score:
  6/10
Tags:
n/a
Link:
https://dragonfly.certego.net/analysis/10338/overview
Behaviour
MalwareBazaar
CPUID_Instruction
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
packed shell32.dll
Link:
https://www.filescan.io/uploads/62395d75b94fb38cb4caf48c/reports/4c476e56-c34e-45b1-90d5-ca52d0bc165a/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/81fe89e1-751c-4e19-a651-8d12b6ffaf5a
Result
Threat name:
Babadeda
Create hunting rule
Detection:
malicious
Classification:
troj.spyw.evad
Score:
57 / 100
Link:
https://www.joesandbox.com/analysis/961385
Signature
Machine Learning detection for sample
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Uses BatToExe to download additional code
Yara detected Babadeda
Yara detected BatToExe compiled binary
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 593865 Sample: 63164486.exe Startdate: 22/03/2022 Architecture: WINDOWS Score: 57 29 Multi AV Scanner detection for submitted file 2->29 31 Yara detected Babadeda 2->31 33 Machine Learning detection for sample 2->33 35 Yara detected BatToExe compiled binary 2->35 7 63164486.exe 9 2->7         started        process3 file4 25 C:\Users\user\AppData\Local\Temp\...\extd.exe, PE32 7->25 dropped 10 cmd.exe 1 3 7->10         started        13 conhost.exe 7->13         started        process5 signatures6 37 Uses BatToExe to download additional code 10->37 15 extd.exe 1 10->15         started        18 extd.exe 2 10->18         started        21 extd.exe 2 10->21         started        23 extd.exe 1 10->23         started        process7 dnsIp8 39 Multi AV Scanner detection for dropped file 15->39 27 transfer.sh 144.76.136.153, 443, 49766, 49767 HETZNER-ASDE Germany 18->27 signatures9
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/80af29bf7cb3a8b904a8d11d34c13bd5a2dcf5b4798138c16c093b2b8a5a9105/
Threat name:
Win32.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2022-03-16 15:08:46 UTC
File Type:
PE (Exe)
Extracted files:
3
AV detection:
28 of 42 (66.67%)
Threat level:
  5/5
Verdict:
malicious
Similar samples:
39233ad29392ccae0a5f1a13569d11baf3b942b57dd01de2ec15288beb8ec02c
Babadeda
3b6cbb6fde5051e6ec3ad23789968670c68f3ef82d8febe258e223c1487f42c4
Babadeda
4710c5debc1ad17a85ef82676a4b6b7e15054966de57b0f4bab61c4ede209830
Babadeda
6e34f951634493ec7a71e5c3418ed7d973ffc87351a5459722e04016c94b1471
Babadeda
6fc704900ddda4e22fd10ae2bf066c403a2567ce830d1b8fe7721231414382b7
Babadeda
83ae57bdc0f817111ab909f54ec0f33b84f6504596d2a55adf39a16c5cf1afc0
Babadeda
972d533e4df0786799c0e7c914aa6c04870753c10757c5d58cd874b92a7f4739
Babadeda
e7587776adecf859e137e7af3da4b9b6fd9428e6f89cc48d3a63886d490baaca
Babadeda
ed770464373d7578963c4f42cacca5e9b3094443a1666d1fa02fad0f4420f4f9
Babadeda
+ 113 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  10/10
Tags:
suricata upx
Link:
https://tria.ge/reports/220322-f3qevsaghp/
Behaviour
Suspicious behavior: CmdExeWriteProcessMemorySpam
Suspicious use of WriteProcessMemory
Executes dropped EXE
UPX packed file
suricata: ET MALWARE Single char EXE direct download likely trojan (multiple families)
Unpacked files
SH256 hash:
2c8d81267069cd94c91d996c3848bd0d299573b561577ed6700704e6d19aae98
MD5 hash:
71cb128d84696a4c868db98ba7974416
SHA1 hash:
cd3aad16e23a2994fc7b957db151039625267e63
Link:
https://www.unpac.me/results/3024c721-d526-4918-a8b8-4e5723f098f4/
SH256 hash:
80af29bf7cb3a8b904a8d11d34c13bd5a2dcf5b4798138c16c093b2b8a5a9105
MD5 hash:
4e12842ae68b60517f385314ccfa4d2f
SHA1 hash:
a01b8d4e92303d8000e7f4fb4295a62d6d9c078f
Link:
https://www.unpac.me/results/3024c721-d526-4918-a8b8-4e5723f098f4/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/80af29bf7cb3a8b904a8d11d34c13bd5a2dcf5b4798138c16c093b2b8a5a9105

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/253994/

Comments