General
-
Target
5ad3f0ca163cb4d21f3c091ab6329997141f3ec2b1b0e1c7de88c922b4502b99
-
Size
3.0MB
-
Sample
241010-dt777swfjc
-
MD5
521a245cb48217d91d6d8deb99696aeb
-
SHA1
87ab6e375a8f101c2093e58732fbe11a1d15ffbc
-
SHA256
5ad3f0ca163cb4d21f3c091ab6329997141f3ec2b1b0e1c7de88c922b4502b99
-
SHA512
09c345453f3c4fca4f6b6efa78297a9b36c69b84372523d9ab64fc57eccf2ccf40b8287662a2082adec870c672d7defbdadc6fb9438288300c89976288a77649
-
SSDEEP
98304:CQE4B5dHz6smSXE5LlblUmhgJecJZfeoACH:CJejT6lSXEjblUme8cJcoh
Static task
static1
Behavioral task
behavioral1
Sample
5ad3f0ca163cb4d21f3c091ab6329997141f3ec2b1b0e1c7de88c922b4502b99.exe
Resource
win7-20240708-en
Malware Config
Extracted
bdaejec
ddos.dnsnb8.net
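The extracted config gives one network IOC, the C2 host ddos.dnsnb8.net. The script below is an added example, not part of the sandbox report: it sweeps DNS query records for that host, normalising case and the trailing dot so FQDN spellings still match. The line layout it parses ("<ts> <host> pid=<n> image=<path> query=<name>") is a constructed, simplified format, not any product's real export, and the sample lines are constructed too. Treating sibling names in the parent zone dnsnb8.net as lower-confidence hits is an assumption; the report page lists only the one host.

```python
"""Flag DNS lookups of the Bdaejec C2 host from the extracted config.

Added example; it is not part of the sandbox report. The log layout parsed
below ("<ts> <host> pid=<n> image=<path> query=<name>") is a constructed,
simplified format, not any product's real export; adapt LINE_RE to your
DNS or Sysmon (event ID 22) data.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# IOC taken from the report's extracted config.
C2_HOSTS = {"ddos.dnsnb8.net"}
# Assumption: other names under the same zone are worth a look, but the page
# lists only the one host, so zone matches are reported at lower confidence.
C2_ZONES = {"dnsnb8.net"}

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) pid=(?P<pid>\d+) "
    r"image=(?P<image>\S+) query=(?P<qname>\S+)$"
)


@dataclass
class Hit:
    ts: str
    host: str
    pid: int
    image: str
    qname: str
    confidence: str


def normalize(name: str) -> str:
    """Lower-case and drop the trailing dot so FQDN spellings compare equal."""
    return name.strip().rstrip(".").lower()


def classify(qname: str) -> Optional[str]:
    """'high' for the exact C2 host, 'medium' for the parent zone, else None."""
    q = normalize(qname)
    if q in C2_HOSTS:
        return "high"
    if any(q == z or q.endswith("." + z) for z in C2_ZONES):
        return "medium"
    return None


def find_c2_lookups(lines) -> List[Hit]:
    hits = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # unparseable line: skip rather than abort the sweep
        conf = classify(m["qname"])
        if conf:
            hits.append(Hit(m["ts"], m["host"], int(m["pid"]),
                            m["image"], normalize(m["qname"]), conf))
    return hits


# Constructed sample lines (not from the sandbox run): an upper-case,
# trailing-dot spelling of the C2 host, a sibling name in the same zone,
# benign traffic, and a malformed line.
SAMPLE_LOG = [
    "2024-10-10T12:00:01Z ws01 pid=1234 image=C:\\Windows\\explorer.exe query=www.microsoft.com",
    "2024-10-10T12:00:05Z ws01 pid=4321 image=C:\\Users\\Public\\svchost.exe query=DDOS.DNSNB8.NET.",
    "2024-10-10T12:00:09Z ws01 pid=4321 image=C:\\Users\\Public\\svchost.exe query=update.dnsnb8.net",
    "garbage line that does not parse",
]

if __name__ == "__main__":
    for h in find_c2_lookups(SAMPLE_LOG):
        print(f"{h.confidence:6} {h.ts} {h.host} pid={h.pid} {h.image} -> {h.qname}")
```

Run against the constructed log it reports the two lookups from pid 4321 and ignores the benign and malformed lines; the process image on a hit is what you pivot on next, since the report shows the sample executing a dropped EXE.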
Targets
-
Detects Bdaejec Backdoor.
Bdaejec is a backdoor written in C++.
-
Modifies RDP port number used by Windows
The listening port is stored in HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp\PortNumber (default 3389); on a host that was not deliberately reconfigured, any other value is worth investigating.
-
Checks computer location settings
Looks up the country code configured in the registry, most likely to geofence execution to or away from particular regions.
-
Executes dropped EXE
-
Loads dropped DLL
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system. The signature fires on a raw write to sector 0 of the physical disk, which is also what a wiper does when it destroys the boot record, so confirm which case this is by comparing sector 0 of the infected disk against a known-good copy.
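To tell a bootkit-style MBR write (bootstrap code replaced, partition table intact) from a destructive one (sector zeroed, boot signature gone), parse sector 0 and diff it against a clean baseline. The following is an added example, not part of the sandbox report: a minimal MBR parser plus a diff helper. The sector images it builds with make_mbr() are constructed for the demo and are not taken from any real disk; in practice you would feed it the first 512 bytes of a raw image of the infected VM's disk and of the clean template.

```python
"""Parse sector 0 of a disk image and diff it against a known-good copy.

Added example; it is not part of the sandbox report. Feed it the first 512
bytes of a raw (dd-style) image of the infected VM's disk and of a clean
baseline to see what the MBR write changed. The MBRs built by make_mbr()
below are constructed for the demo, not taken from any real disk.
"""
import hashlib
import struct

SECTOR = 512
BOOT_CODE_LEN = 446          # bytes 0..445: bootstrap code
TABLE_OFF = 446              # 4 x 16-byte partition entries
BOOT_SIG = b"\x55\xaa"       # bytes 510..511


def parse_mbr(sector: bytes) -> dict:
    """Return boot-signature validity, a hash of the boot code and the table."""
    if len(sector) != SECTOR:
        raise ValueError("MBR must be exactly 512 bytes")
    parts = []
    for i in range(4):
        entry = sector[TABLE_OFF + 16 * i: TABLE_OFF + 16 * (i + 1)]
        status, ptype = entry[0], entry[4]
        lba_start, n_sectors = struct.unpack_from("<II", entry, 8)
        if ptype == 0 and lba_start == 0 and n_sectors == 0:
            continue  # empty slot
        parts.append({"index": i, "bootable": status == 0x80, "type": ptype,
                      "lba_start": lba_start, "sectors": n_sectors})
    return {
        "boot_signature_ok": sector[510:512] == BOOT_SIG,
        "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
        "partitions": parts,
    }


def diff_mbr(baseline: bytes, suspect: bytes) -> dict:
    """Summarise what changed between a clean sector 0 and the suspect one."""
    b, s = parse_mbr(baseline), parse_mbr(suspect)
    return {
        "boot_code_changed": b["boot_code_sha256"] != s["boot_code_sha256"],
        "partition_table_changed": baseline[TABLE_OFF:510] != suspect[TABLE_OFF:510],
        "boot_signature_ok": s["boot_signature_ok"],
        "partitions_suspect": s["partitions"],
    }


def make_mbr(boot_code: bytes, partitions) -> bytes:
    """Build a constructed MBR; CHS fields are left zero (LBA only)."""
    code = boot_code.ljust(BOOT_CODE_LEN, b"\x00")[:BOOT_CODE_LEN]
    table = b"".join(struct.pack("<B3sB3sII", status, b"\x00" * 3, ptype,
                                 b"\x00" * 3, lba, n)
                     for status, ptype, lba, n in partitions)
    return code + table.ljust(64, b"\x00") + BOOT_SIG


# Constructed sector images for the demo (not real disk contents).
CLEAN_CODE = b"\xfa\x33\xc0\x8e\xd0\xbc\x00\x7c"   # cli / xor ax,ax / mov ss,ax / mov sp,7C00h
CLEAN_MBR = make_mbr(CLEAN_CODE, [(0x80, 0x07, 2048, 204800)])
# Bootkit-style: partition table intact, bootstrap code replaced.
INFECTED_MBR = make_mbr(b"\xeb\x3c\x90" + b"\x90" * 40, [(0x80, 0x07, 2048, 204800)])
# Wiper-style: sector zeroed, boot signature gone.
WIPED_MBR = b"\x00" * SECTOR

if __name__ == "__main__":
    print("infected:", diff_mbr(CLEAN_MBR, INFECTED_MBR))
    print("wiped:   ", diff_mbr(CLEAN_MBR, WIPED_MBR))
```

A changed boot-code hash with an unchanged partition table and a valid 0x55AA signature is the bootkit pattern; a missing signature or an emptied table points at destruction rather than persistence, and the original bootstrap code is usually stashed elsewhere on disk in the former case.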
-
Suspicious use of SetThreadContext
Typically seen with process hollowing: the loader starts a process suspended, replaces its image in memory, points the main thread's instruction pointer at the injected code with SetThreadContext, and resumes it.
-