{
  "name": "BabbleLoader",
  "slug": "babbleloader",
  "description": "BabbleLoader is a highly evasive malware loader designed to bypass antivirus and sandbox environments to deliver stealers into memory. It employs sophisticated techniques such as junk code insertion, metamorphic transformations, dynamic API resolution, and anti-sandboxing measures. The loader's features include altering its structure to evade detection, resolving necessary functions at runtime, and embedding encrypted malicious code in memory. It targets both English and Russian-speaking individuals through various lure themes, including cracked software and business-related applications. The loader's complexity poses significant challenges for both traditional and AI-based detection systems, making it a versatile tool for cybercriminals.",
  "published": "2024-11-19T08:46:13+00:00",
  "created_at": "2024-11-19T08:46:13+00:00",
  "modified_at": "2024-11-19T09:05:42+00:00",
  "created_at_opencti": "2024-11-19T08:46:13+00:00",
  "author": "",
  "confidence": null,
  "report_types": [],
  "labels": [],
  "tags": [
    "2024-11-19",
    "anti-sandboxing",
    "babbleloader",
    "dynamic api resolution",
    "evasion techniques",
    "loader",
    "meduza",
    "metamorphism",
    "stealer",
    "whitesnake"
  ],
  "related_entities": {
    "observables": [
      {
        "id": "",
        "name": "ffcae0093d509563b47b1d0cef3aa455a4358de3a1d2c2b84c298a927aa238e8"
      },
      {
        "id": "",
        "name": "fa292bfcf81223bab0f79d4ce08187e37d68960005629df0241ea22f0b95d7a8"
      },
      {
        "id": "",
        "name": "e1448680114cb3dd06aa81a3b1037f77e6d5b3f6dce213aa38cffdec72d59e74"
      },
      {
        "id": "",
        "name": "e09c36993e1c29b6ef0f1c73e02aee54686c0df49b6d87b577e70f261313acaf"
      },
      {
        "id": "",
        "name": "db282cae419ed5af3338f65f170ecd7b312cac2500b5cb2c8824721ba981c361"
      },
      {
        "id": "",
        "name": "d7967661947ca835deddec30ae6e62d580718cbdeafb42cd6d0f038a407edcf0"
      },
      {
        "id": "",
        "name": "ca67f61b5f8d20ec3f45dbbfc355045a8ceee15396f1cad032850a3ee23a42b3"
      },
      {
        "id": "",
        "name": "bdd6bd29937059dd944fb09163a24e4482c5ce420d3de749e5e46c6c25b2ea86"
      },
      {
        "id": "",
        "name": "b72d9ae8484b91ec9c6167e6707617f495622f3b684f6b3e30b29106891c778b"
      },
      {
        "id": "",
        "name": "b1ebe1794e091fd82a34d6806f18f64ebadb5d3b2343a661c481fb7c54cb872f"
      },
      {
        "id": "",
        "name": "ae6ee6bf2f9890ed83922e5c80770dd88faa9b32b2211462ea2eed29bf1bf6c5"
      },
      {
        "id": "",
        "name": "a3b45619606d4c3c487047786e3d51a98fdcc1fdc43dc7b6f6e80974fd0a9c97"
      },
      {
        "id": "",
        "name": "a08db4c7b7bacc2bacd1e9a0ac7fbb91306bf83c279582f5ac3570a90e8b0f87"
      },
      {
        "id": "",
        "name": "9bf7a01254fed809e0f564f28a3cf54156ea98f85d3b633ae3a213a87f9db143"
      },
      {
        "id": "",
        "name": "9fa7574f35fae3d309c8cefe0e8a43d07afb6cefaee0caa3b2538263bd4a7ec5"
      },
      {
        "id": "",
        "name": "9125c13250a14905a4fd97978a3a6dbba80df01e73d98f8d4fa2d19b49d9fda0"
      },
      {
        "id": "",
        "name": "8d8c3b6be212ce645566311ce95ad9ad3aad37795042882adefda9716deb2eab"
      },
      {
        "id": "",
        "name": "8cc2e1104480875ee237bf4ca9f3d83e46ca213f5c88df95be0d78e05c7c2d71"
      },
      {
        "id": "",
        "name": "8907a8454ef56d64bf788b9c8c64bbaaf187be7a9666d8d8331fd187c49c6031"
      },
      {
        "id": "",
        "name": "7df313618a02e8e9961ddb1c3289956eb18361f1ca9fb639d64a00fae7568a4b"
      },
      {
        "id": "",
        "name": "78f6c822cee2b0587df145d67478cce5bbeb76147a7846d08b7b6fd09aa36ce2"
      },
      {
        "id": "",
        "name": "6dce9024ec032390ca4294f62cb282a09291cf141cb003f7e0ef23bb7a34bfae"
      },
      {
        "id": "",
        "name": "5eb3bb67656d990ceec07f55c78dcd8032a7cf00ac919a399e3642b177f68381"
      },
      {
        "id": "",
        "name": "5665c96975c959b5e8057b7aed46f7c203335aefa35f5e290c538e9300e3e293"
      },
      {
        "id": "",
        "name": "53e451750c099f33f80a3652d9f2a804390de0f867af13ae22ad0fbf4b15f8c3"
      },
      {
        "id": "",
        "name": "4e40aaddf718b70f397d449f8ca9a577ef0106f281ccb50f0b5cde531b758881"
      },
      {
        "id": "",
        "name": "4ba95478ea0ac78e038d30693fabf95244bd70e40b36b2a928f3854551d6fa78"
      },
      {
        "id": "",
        "name": "47a71eb078b14a92eb5fb990f606aa48e535860af90ebc5e075c8b2e4d829633"
      },
      {
        "id": "",
        "name": "46f0e190cd346d1eb6d0c27386bb3aceebf4ad44b25d253cac4063e2ccde9028"
      },
      {
        "id": "",
        "name": "466a8af8d0b51ed82aec35b17b845e6baf77ada259aa2fd5591024a01d8e31b5"
      },
      {
        "id": "",
        "name": "451e1bec8476a89c7d2b526071fa2918187f2f5b3ba9362e6999114993a74da5"
      },
      {
        "id": "",
        "name": "3bf5f07059a24fb803c6fefb874f000e9c300372b1b870e48b4935bd0219fe2b"
      },
      {
        "id": "",
        "name": "328d92b71034d74c016b1f8e70217be3f432a2ade8fe44522f84980fd0dbb1f9"
      },
      {
        "id": "",
        "name": "2eab850166944175e5fac4c89706328a58dcef55dbc22ff20342d1d246ba76b9"
      },
      {
        "id": "",
        "name": "2b6bff7b8c23f1fa526e116c7577c32845d5b969c68a66850c305a351adc9726"
      },
      {
        "id": "",
        "name": "25923b822e9a1374817caf79375170b944f2762b1e3f2add921008ffec702740"
      },
      {
        "id": "",
        "name": "22866e6ded40916de8002606f82e44ee141f27c3340fa2c4d16514624ee05a72"
      },
      {
        "id": "",
        "name": "200289d5a408a2e49a894228edb3324548ca5c5c0283d09486aa287df41f15bc"
      },
      {
        "id": "",
        "name": "16200bbe4646fe8cefeee5be20ce55c50300485f3356ab181fb930bd02536709"
      },
      {
        "id": "",
        "name": "1367fb270f35512b17fe5e73cc0233ace272daafe15cf94e45f696431f52332f"
      },
      {
        "id": "",
        "name": "0f6847d33cb38b0ed6dc1d8cfe3dc5d2e293d91c4880e3b4f5ddb77fd9d4cd1f"
      },
      {
        "id": "",
        "name": "052c776fdc9700dfb37f964a73d461a57efad30a01bcf54505d7abcd601e6ff3"
      },
      {
        "id": "",
        "name": "643dde3f461907a94f145b3cd8fe37dbad63aec85a4e5ed759fe843b9214a8d2"
      }
    ],
    "malware": [
      {
        "id": "legacy:malware:c797fde806f0e106",
        "name": "WhiteSnake",
        "slug": "whitesnake"
      },
      {
        "id": "5d1dd491-ff00-49c2-b855-cc09c76eb96e",
        "name": "BabbleLoader",
        "slug": "babbleloader"
      },
      {
        "id": "legacy:malware:b10e7386667c9788",
        "name": "Meduza",
        "slug": "meduza"
      }
    ],
    "attack_patterns": [
      {
        "id": "8634c845-2e3a-4ea5-a9a3-6f694468408c",
        "name": "T1027.001"
      },
      {
        "id": "e1b18ecf-d74e-4fe6-9bd4-ca6a62e7d818",
        "name": "T1027.002"
      },
      {
        "id": "05ac27d4-58d0-44b2-a984-cd5aefd1f7f9",
        "name": "T1497.001"
      },
      {
        "id": "16e26db7-7376-40c1-b8a9-23d56c44f7ee",
        "name": "T1571"
      },
      {
        "id": "93b2c4dd-5523-4464-8976-78754ee372fd",
        "name": "T1012"
      },
      {
        "id": "32817170-4c07-427e-b8a5-80a733ae2550",
        "name": "T1497"
      },
      {
        "id": "60972cf6-e90b-4600-af3c-13c468391d9c",
        "name": "T1106"
      },
      {
        "id": "70616b2f-4019-4963-b758-5d9f6f20e201",
        "name": "T1082"
      },
      {
        "id": "c3af9fd7-d307-4df4-9220-cc627938fb85",
        "name": "T1055"
      },
      {
        "id": "0156fcda-e385-4662-b388-086c3e16feec",
        "name": "T1140"
      },
      {
        "id": "0c836307-129e-4ff7-a532-180c633cacba",
        "name": "T1027"
      },
      {
        "id": "9b6064e6-a05b-4e95-baf5-34d180bc9221",
        "name": "T1059"
      }
    ]
  },
  "external_refs": [
    "https://intezer.com/blog/research/babble-babble-babble-babble-babble-babble-babbleloader/",
    "https://otx.alienvault.com/pulse/673c5e65a52ee3b9c576d6f0"
  ]
}