General

  • Target

    ib.exe

  • Size

    36KB

  • Sample

    241026-nsz6bavekl

  • MD5

    1913f1b56f94a777c0130ef6e358586f

  • SHA1

    b1bc6735532a06744d37245f172408f8c2f062b0

  • SHA256

    79757b669da7754fb0319e313a1c24b9c9e170b7815174ca55959eb3bbca43f3

  • SHA512

    b838ae8f592776e80c25e4e6280a6e778fa1a1073d62aea9bd6604bdf25248848a45c8589373a0dd978a6193b8ac454eadf53ebcf187dcaa1eb1308cb0a4799c

  • SSDEEP

    768:1LtEcKD6bLDnaJy+bDbM7fSqQGPL4vzZq2o9W7GsxBbPr:1LdugLjR+yfSJGCq2iW7z

Malware Config

Extracted

Family

bdaejec

C2

ddos.dnsnb8.net

Targets

    • Target

      ib.exe

    • Size

      36KB

    • MD5

      1913f1b56f94a777c0130ef6e358586f

    • SHA1

      b1bc6735532a06744d37245f172408f8c2f062b0

    • SHA256

      79757b669da7754fb0319e313a1c24b9c9e170b7815174ca55959eb3bbca43f3

    • SHA512

      b838ae8f592776e80c25e4e6280a6e778fa1a1073d62aea9bd6604bdf25248848a45c8589373a0dd978a6193b8ac454eadf53ebcf187dcaa1eb1308cb0a4799c

    • SSDEEP

      768:1LtEcKD6bLDnaJy+bDbM7fSqQGPL4vzZq2o9W7GsxBbPr:1LdugLjR+yfSJGCq2iW7z

    • Bdaejec

      Bdaejec is a backdoor written in C++.

    • Bdaejec family

    • Detects Bdaejec Backdoor.

      Bdaejec is backdoor written in C++.

    • ASPack v2.12-2.42

      Detects executables packed with ASPack v2.12-2.42

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

MITRE ATT&CK Enterprise v15

Tasks