MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 cc8f23f2566b9bdc9723d0bc664cd65edbf206f096c596c8c749a769567e3c8b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Babadeda

Vendor detections: 7

Intelligence 7 IOCs YARA File information Comments

SHA256 hash:	cc8f23f2566b9bdc9723d0bc664cd65edbf206f096c596c8c749a769567e3c8b
SHA3-384 hash:	18b19cfb64a3e94405d4861b1cd309f9af8d89a3e9c33357a69e2927c8f0a257f1e97cc2adf92491709edc737c848eff
SHA1 hash:	5f0de42379d874d64b2ceb3615e5e8715bcc1880
MD5 hash:	1e8ce5705381fdef436f4fae5a30334b
humanhash:	uranus-lion-spring-three
File name:	file
Download:	download sample
Signature	Babadeda Create hunting rule
File size:	21'062'092 bytes
First seen:	2022-12-14 19:23:26 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	9369b8cbf820fedf4c7837b944ee2543 (8 x Babadeda, 1 x Amadey)
ssdeep	393216:ouny2QOlx8ObReD7zx0Er/I8yxcMxQMp9BRgZw2YL:oUyKlN1eD7zx0AvyQQBGZDYL
Threatray	3'282 similar samples on MalwareBazaar
TLSH	T1252733F459E09FE9D2DFB177041D3F77C11020695A509DAEF81A25DB30E2E248ECCAA9
TrID	54.9% (.EXE) UPX compressed Win32 Executable (27066/9/6) 13.3% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2) 9.1% (.EXE) Win32 Executable (generic) (4505/5/1) 6.0% (.MZP) WinArchiver Mountable compressed Archive (3000/1) 4.2% (.EXE) Win16/32 Executable Delphi generic (2072/23)
File icon (PE):
dhash icon	2e2e5630adc9ce48 (12 x Babadeda)
Reporter	jstrosch
Tags:	Babadeda exe

Intelligence

File Origin

# of uploads :

1

# of downloads :

211

Origin country :

n/a

Vendor Threat Intelligence

Malware family:

n/a

ID:

1

File name:

file

Verdict:

Malicious activity

Analysis date:

2022-12-14 19:26:13 UTC

Tags:

n/a

Link:

https://app.any.run/tasks/339886ab-e723-4093-8534-8c181a7674d0

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection(s):

PUA.Win.Packer.Upx-49

PUA.Win.Packer.UpxProtector-1

PUA.Win.Adware.Dealply-6619273-0

PUA.Win.Adware.Dealply-6888374-0

Result

Verdict:

Malware

Maliciousness:

Behaviour

Сreating synchronization primitives

Creating a window

Searching for synchronization primitives

Creating a file in the %temp% subdirectories

Delayed reading of the file

Sending a custom TCP request

Verdict:

Malicious

Threat level:

10/10

Confidence:

100%

Tags:

exploit greyware overlay packed shell32.dll

Link:

https://www.filescan.io/uploads/639a22d5c90eaa23594f5d33/reports/4e7391d9-c855-451f-ace5-57e8add73c16/overview

Result

Verdict:

MALICIOUS

Result

Threat name:

Babadeda

Detection:

malicious

Classification:

troj

Score:

56 / 100

Link:

https://www.joesandbox.com/analysis/1134525

Signature

Multi AV Scanner detection for submitted file

Yara detected Babadeda

Behaviour

Behavior Graph:

Gathering data

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=zshsh4swnon5zfzd2c6gmtgwl3n7ebxqs3cznsghjgtwsvt6hsfq._file

Verdict:

unknown

Similar samples:

075811c1b041821aa0902e5035ab2177e6c97c451896ee954d98486d049face6

0a223aa68af0c2af0baabda61d82748629078720a017ef4836f3322a76cb691a

108cad79cd5bd2a947c5b877a55b7d3a6a4ce579aae3f298c0618154c27eb3d4

12505bb6e3c63202f22db1d60afd4a0a386ddff8807bf0d1f8583ba57f6413ba

1c031533f2717560f8bc0cb2019ec55ae7423490e51c811e30b85d382cbff5ec

314259cc43c8619b5f8e1ec548b34b64d6b8084342cdd6d8a970718c2d791da8

8e3b8f65024af32a030d39ff2c8cf2283c4e5bb7904f0792e73703e53181f553

9642c83319b6f287e5feaca3edb50bd447a9cd41cdb88d6e588aa569bff23552

a6cbb0f97a2c34e7f937717c5562483873acc484526b5cad893243dc7450fcb3

+ 3'272 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

8/10

Tags:

upx

Link:

https://tria.ge/reports/221214-x4czlaah52/

Behaviour

Enumerates physical storage devices

UPX packed file

Verdict:

Unknown

Tags:

n/a

YARA:

n/a

Link:

https://app.threat.zone/submission/1c238928-0379-4661-bdd9-0c309e457c1f

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Suspicious File

Score:

0.38

Link:

https://yomi.yoroi.company/submissions/cc8f23f2566b9bdc9723d0bc664cd65edbf206f096c596c8c749a769567e3c8b

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

exe cc8f23f2566b9bdc9723d0bc664cd65edbf206f096c596c8c749a769567e3c8b

(this sample)

Delivery method

Distributed via web download

URLhaus

https://urlhaus.abuse.ch/url/2423779/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample