BabbleLoader
Nov. 19, 2024, 10:05 a.m.
Tags
External References
Description
BabbleLoader is a highly evasive malware loader designed to bypass antivirus and sandbox environments to deliver stealers into memory. It employs sophisticated techniques such as junk code insertion, metamorphic transformations, dynamic API resolution, and anti-sandboxing measures. The loader's features include altering its structure to evade detection, resolving necessary functions at runtime, and embedding encrypted malicious code in memory. It targets both English and Russian-speaking individuals through various lure themes, including cracked software and business-related applications. The loader's complexity poses significant challenges for both traditional and AI-based detection systems, making it a versatile tool for cybercriminals.
Date
Published: Nov. 19, 2024, 9:46 a.m.
Created: Nov. 19, 2024, 9:46 a.m.
Modified: Nov. 19, 2024, 10:05 a.m.
Indicators
ffcae0093d509563b47b1d0cef3aa455a4358de3a1d2c2b84c298a927aa238e8
fa292bfcf81223bab0f79d4ce08187e37d68960005629df0241ea22f0b95d7a8
e1448680114cb3dd06aa81a3b1037f77e6d5b3f6dce213aa38cffdec72d59e74
e09c36993e1c29b6ef0f1c73e02aee54686c0df49b6d87b577e70f261313acaf
db282cae419ed5af3338f65f170ecd7b312cac2500b5cb2c8824721ba981c361
d7967661947ca835deddec30ae6e62d580718cbdeafb42cd6d0f038a407edcf0
ca67f61b5f8d20ec3f45dbbfc355045a8ceee15396f1cad032850a3ee23a42b3
bdd6bd29937059dd944fb09163a24e4482c5ce420d3de749e5e46c6c25b2ea86
b72d9ae8484b91ec9c6167e6707617f495622f3b684f6b3e30b29106891c778b
b1ebe1794e091fd82a34d6806f18f64ebadb5d3b2343a661c481fb7c54cb872f
ae6ee6bf2f9890ed83922e5c80770dd88faa9b32b2211462ea2eed29bf1bf6c5
a3b45619606d4c3c487047786e3d51a98fdcc1fdc43dc7b6f6e80974fd0a9c97
a08db4c7b7bacc2bacd1e9a0ac7fbb91306bf83c279582f5ac3570a90e8b0f87
9bf7a01254fed809e0f564f28a3cf54156ea98f85d3b633ae3a213a87f9db143
9fa7574f35fae3d309c8cefe0e8a43d07afb6cefaee0caa3b2538263bd4a7ec5
9125c13250a14905a4fd97978a3a6dbba80df01e73d98f8d4fa2d19b49d9fda0
8d8c3b6be212ce645566311ce95ad9ad3aad37795042882adefda9716deb2eab
8cc2e1104480875ee237bf4ca9f3d83e46ca213f5c88df95be0d78e05c7c2d71
8907a8454ef56d64bf788b9c8c64bbaaf187be7a9666d8d8331fd187c49c6031
7df313618a02e8e9961ddb1c3289956eb18361f1ca9fb639d64a00fae7568a4b
78f6c822cee2b0587df145d67478cce5bbeb76147a7846d08b7b6fd09aa36ce2
6dce9024ec032390ca4294f62cb282a09291cf141cb003f7e0ef23bb7a34bfae
5eb3bb67656d990ceec07f55c78dcd8032a7cf00ac919a399e3642b177f68381
5665c96975c959b5e8057b7aed46f7c203335aefa35f5e290c538e9300e3e293
53e451750c099f33f80a3652d9f2a804390de0f867af13ae22ad0fbf4b15f8c3
4e40aaddf718b70f397d449f8ca9a577ef0106f281ccb50f0b5cde531b758881
4ba95478ea0ac78e038d30693fabf95244bd70e40b36b2a928f3854551d6fa78
47a71eb078b14a92eb5fb990f606aa48e535860af90ebc5e075c8b2e4d829633
46f0e190cd346d1eb6d0c27386bb3aceebf4ad44b25d253cac4063e2ccde9028
466a8af8d0b51ed82aec35b17b845e6baf77ada259aa2fd5591024a01d8e31b5
451e1bec8476a89c7d2b526071fa2918187f2f5b3ba9362e6999114993a74da5
3bf5f07059a24fb803c6fefb874f000e9c300372b1b870e48b4935bd0219fe2b
328d92b71034d74c016b1f8e70217be3f432a2ade8fe44522f84980fd0dbb1f9
2eab850166944175e5fac4c89706328a58dcef55dbc22ff20342d1d246ba76b9
2b6bff7b8c23f1fa526e116c7577c32845d5b969c68a66850c305a351adc9726
25923b822e9a1374817caf79375170b944f2762b1e3f2add921008ffec702740
22866e6ded40916de8002606f82e44ee141f27c3340fa2c4d16514624ee05a72
200289d5a408a2e49a894228edb3324548ca5c5c0283d09486aa287df41f15bc
16200bbe4646fe8cefeee5be20ce55c50300485f3356ab181fb930bd02536709
1367fb270f35512b17fe5e73cc0233ace272daafe15cf94e45f696431f52332f
0f6847d33cb38b0ed6dc1d8cfe3dc5d2e293d91c4880e3b4f5ddb77fd9d4cd1f
052c776fdc9700dfb37f964a73d461a57efad30a01bcf54505d7abcd601e6ff3
643dde3f461907a94f145b3cd8fe37dbad63aec85a4e5ed759fe843b9214a8d2
Attack Patterns
WhiteSnake
BabbleLoader
Meduza
T1027.001
T1027.002
T1497.001
T1571
T1012
T1497
T1106
T1082
T1055
T1140
T1027
T1059