General
Target: abf4910e33aafff7152c179aaeea56b144530093e3918e82c548d7627ac99217
Size: 3.2MB
Sample: 240921-smbb8ayenf
MD5: 4fb7da99fc2102b481dfee0b95f96b90
SHA1: c6637560e4ac197bd1ebdf5e6b394fc1c335a942
SHA256: abf4910e33aafff7152c179aaeea56b144530093e3918e82c548d7627ac99217
SHA512: 1c94f40ad2a48f22caf380df34dd1ce4036bbb733e6b5679a6063e868d7a53621433a5d789451b2c5d5eefe78064229f832bd3f7cf47b774c04b489ffa1d31c0
SSDEEP: 49152:hhSNGMwVbnURJs4hrqLDBttkL6R6JEl4EQo5AzwwxYXjqkNRfDUcDd+XFVD:hyezUUImLjfR6JeQyAsXJNRrNhcFVD
Behavioral task: behavioral1
Sample: abf4910e33aafff7152c179aaeea56b144530093e3918e82c548d7627ac99217.exe
Resource: win7-20240903-en
Malware Config
Targets
Target: abf4910e33aafff7152c179aaeea56b144530093e3918e82c548d7627ac99217
Size: 3.2MB
MD5: 4fb7da99fc2102b481dfee0b95f96b90
SHA1: c6637560e4ac197bd1ebdf5e6b394fc1c335a942
SHA256: abf4910e33aafff7152c179aaeea56b144530093e3918e82c548d7627ac99217
SHA512: 1c94f40ad2a48f22caf380df34dd1ce4036bbb733e6b5679a6063e868d7a53621433a5d789451b2c5d5eefe78064229f832bd3f7cf47b774c04b489ffa1d31c0
SSDEEP: 49152:hhSNGMwVbnURJs4hrqLDBttkL6R6JEl4EQo5AzwwxYXjqkNRfDUcDd+XFVD:hyezUUImLjfR6JeQyAsXJNRrNhcFVD
- Detects Bdaejec Backdoor.
  Bdaejec is a backdoor written in C++.
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of NtSetInformationThreadHideFromDebugger