bdaejec

General

Target

q1kuiv.rar
Size

2.3MB
Sample

240927-xbw7rswgmb
MD5

35bd5e55c0b4841b3dbf3872e768aac7
SHA1

eab5991a78947ac80a94a5e0d837e30414960ee7
SHA256

cfa5c7404f63d519045ea11917e047521f2f3d85dd276286843063b0eac84b27
SHA512

88774b9b3292a8af57a54db7761fed13b7647787cb0d27b97afb168364794f056a82cc40759751d12c7bf975af067481dcfa28431e0d4183b8688ce208279e5d
SSDEEP

49152:yUz+SJFW6EW0yWUq8Y0eH2ml4SC7MtVda4LHYCK/pbKL0GyXs8qDoAjCWW+:y0FJL0yWUqrx2pdodTLDK/p3XlmG6

Score

10^/10

Malware Config

Extracted

Family

bdaejec

C2

ddos.dnsnb8.net

Targets

- Target
  
  q1kuiv.rar
- Size
  
  2.3MB
- MD5
  
  35bd5e55c0b4841b3dbf3872e768aac7
- SHA1
  
  eab5991a78947ac80a94a5e0d837e30414960ee7
- SHA256
  
  cfa5c7404f63d519045ea11917e047521f2f3d85dd276286843063b0eac84b27
- SHA512
  
  88774b9b3292a8af57a54db7761fed13b7647787cb0d27b97afb168364794f056a82cc40759751d12c7bf975af067481dcfa28431e0d4183b8688ce208279e5d
- SSDEEP
  
  49152:yUz+SJFW6EW0yWUq8Y0eH2ml4SC7MtVda4LHYCK/pbKL0GyXs8qDoAjCWW+:y0FJL0yWUqrx2pdodTLDK/p3XlmG6
Score

3^/10
behavioral1
- Target
  
  Goziix Temp.exe
- Size
  
  2.4MB
- MD5
  
  8fe011b0b10eb4eca5022acf1bed5696
- SHA1
  
  ac957f46a9ed7fca27103e497f94df55fcc6560f
- SHA256
  
  ef464cb915f0c3864ea0e274eac67e7fdcf1da7841325248adece8b4a2f6146c
- SHA512
  
  366b04d4c3a829491ccf2d7abe6c14eaf7d15a6d1a78e8bea6857182c4e9534f5bd91c7c3b7380fe8dc19a0636361ec30639fdc91737ae3f78abe3e06145080b
- SSDEEP
  
  49152:PY+zMmPITYbNbNWo4kSH3OqtwIjkqXfd+/9Ao8PgsAan:PY+zFPIT4bNJFY3OqtXkqXf0FJ8P3AW
Score

3^/10

discovery
behavioral2
- Target
  
  README.txt
- Size
  
  93B
- MD5
  
  182931747e988d45c589cdef75ad506e
- SHA1
  
  bbd2a583dc32412d302cb7f152ca1376040a185b
- SHA256
  
  1b855a73c2287296c96a90bfad0d9fba22c299b9c034dd9aac1f22df086cd6b8
- SHA512
  
  c69c50eb64ba19cecdcb6332079239cc694ab328d55478dc37e422c9c7749ece11d2cbce7d7d8945013ba49c75089ac213365a67cbfdbae7de676cc1a235fe06
Score

1^/10
behavioral3
- Target
  
  certificate.crt
- Size
  
  1KB
- MD5
  
  e3eff8b29b2d04da7a2e09e214f0949b
- SHA1
  
  34a05a3e6a8fc1710d22b9fb891f6c7a400c5701
- SHA256
  
  dfea79c5653186395f8c5c06942471144d1528a2bb0a270321b1a53bcab32f58
- SHA512
  
  bd7207bed45d100a522228ed21d1bee079e4cbd449369f114a9feda56d0ca7df1fc05c8451454f60b77ae27a12a1467eae667c9f1a992a9dab755dcd7f3344c5
Score

8^/10
- Blocklisted process makes network request
behavioral4
- Target
  
  sexting.exe
- Size
  
  106KB
- MD5
  
  e7c1cdf2eeed755911ddc1c00128d2ce
- SHA1
  
  9286d04e60f000b876ae201c8bb6cde304280199
- SHA256
  
  667a896324071d75225966c76fea387be6027eaebe5a32006f50eadcf29b23b7
- SHA512
  
  eb4eb324fb8100c98f4529e97bd5eafc7214b018c79976d6ec48a8ee8c3f9fec83be6390dd9660764566e25413eb624540d7353aa5f45e07957e5ed695ff7e16
- SSDEEP
  
  1536:D7fbN3eEDhDPA/pICdUkbBtW7upvaLU0bI5taxKo0IOlnToIf4w9cOQcGCq2iW7z:f7DhdC6kzWypvaQ0FxyNTBf4IBGCH
Score

10^/10

bdaejec aspackv2 backdoor discovery
- Bdaejec
  Bdaejec is a backdoor written in C++.
  backdoor bdaejec
- Detects Bdaejec Backdoor.
  Bdaejec is backdoor written in C++.
- Drops file in Drivers directory
- ASPack v2.12-2.42
  Detects executables packed with ASPack v2.12-2.42
  aspackv2
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
behavioral5

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

2

T1012

System Information Discovery

3

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Blocklisted process makes network request

Detects Bdaejec Backdoor.

Drops file in Drivers directory

ASPack v2.12-2.42

Checks computer location settings

Executes dropped EXE

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5