General

  • Target

    9b1fe801ba9b3937b776d0852b354a102bc2884cfe18f6fba0945c8d82debab3

  • Size

    31KB

  • Sample

    241101-vgl8mstcjj

  • MD5

    159ba9871b1794e3b6697f7f5e83636a

  • SHA1

    84120448e40765f6767194c2eab5a56e69dbc9f8

  • SHA256

    9b1fe801ba9b3937b776d0852b354a102bc2884cfe18f6fba0945c8d82debab3

  • SHA512

    92a44e9938ede9370348ebb76e7079595da28776d602c00320856b919cc3bd6430dc565d53e16077b52e610f0c51d3246de3677a4a12f3ebe358f62f52fbbf92

  • SSDEEP

    768:uWQ3655Kv1X/qY1MSd4cQGPL4vzZq2o9W7GsxBbPr:uHqaNrFd4/GCq2iW7z

Malware Config

Extracted

Family

bdaejec

C2

ddos.dnsnb8.net

Targets

    • Bdaejec

      Bdaejec is a backdoor written in C++.

    • Bdaejec family

    • Detects Bdaejec Backdoor.

      Bdaejec is a backdoor written in C++.

    • ASPack v2.12-2.42

      Detects executables packed with ASPack v2.12-2.42

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks