bdaejec | 455c792d602c9bff99be0631cc30cae0c997a5f2bae804274ddad10b9af39f84 | Triage

Submit
Reports

Overview

overview

Static

static

5

455c792d60...84.exe

windows7-x64

455c792d60...84.exe

windows10-2004-x64

Sharing

General

Target

455c792d602c9bff99be0631cc30cae0c997a5f2bae804274ddad10b9af39f84
Size

1.3MB
Sample

241017-wtqx2a1drk
MD5

bc020f08f3dbdceb42574f4d4ff84760
SHA1

c52ca0fd930f7702b99e8833d5dc017cf73a30e2
SHA256

455c792d602c9bff99be0631cc30cae0c997a5f2bae804274ddad10b9af39f84
SHA512

86d4bcb278ea0547fa44ef2c853ce5c8c583f0b4fb5174aed95ca95a5414c4db24e571ea62733fc8aaddd39472dcf26d4bab38ac8317512a7593c68f1e267afa
SSDEEP

24576:nBXu9HGaS1c4WK5FRUO75CBg5/XWoGYNImnqKF8/M/2pe7qq7apCBJT:nw9SdWK5rUO75F/H2R/NWqquOJ

Score

10^/10

bdaejec aspackv2 backdoor discovery upx

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

455c792d602c9bff99be0631cc30cae0c997a5f2bae804274ddad10b9af39f84.exe

Resource

win7-20240903-en

bdaejec aspackv2 backdoor discovery upx

windows7-x64

19 signatures

150 seconds

Behavioral task

behavioral2

Sample

455c792d602c9bff99be0631cc30cae0c997a5f2bae804274ddad10b9af39f84.exe

Resource

win10v2004-20241007-en

bdaejec aspackv2 backdoor discovery upx

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Extracted

Family

bdaejec

C2

ddos.dnsnb8.net

Targets

- Target
  
  455c792d602c9bff99be0631cc30cae0c997a5f2bae804274ddad10b9af39f84
- Size
  
  1.3MB
- MD5
  
  bc020f08f3dbdceb42574f4d4ff84760
- SHA1
  
  c52ca0fd930f7702b99e8833d5dc017cf73a30e2
- SHA256
  
  455c792d602c9bff99be0631cc30cae0c997a5f2bae804274ddad10b9af39f84
- SHA512
  
  86d4bcb278ea0547fa44ef2c853ce5c8c583f0b4fb5174aed95ca95a5414c4db24e571ea62733fc8aaddd39472dcf26d4bab38ac8317512a7593c68f1e267afa
- SSDEEP
  
  24576:nBXu9HGaS1c4WK5FRUO75CBg5/XWoGYNImnqKF8/M/2pe7qq7apCBJT:nw9SdWK5rUO75F/H2R/NWqquOJ
Score

10^/10

bdaejec aspackv2 backdoor discovery upx
- Bdaejec
  Bdaejec is a backdoor written in C++.
  backdoor bdaejec
- Detects Bdaejec Backdoor.
  Bdaejec is backdoor written in C++.
- ASPack v2.12-2.42
  Detects executables packed with ASPack v2.12-2.42
  aspackv2
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

bdaejecaspackv2backdoordiscoveryupx

behavioral2

bdaejecaspackv2backdoordiscoveryupx

© 2018-2025

Terms | Privacy