Extracted

Extracted

Extracted

• • Target

    902ab71895adf1f8fb6c414350f048aa89835e7ae4583e14e340eb21b92d759f

  • Size

    3.4MB

  • MD5

    c4edc29dee2a74fa1bb461dbdc1a672c

  • SHA1

    83b4f05ef3bed190153e6fca51fef311b9bc1c5c

  • SHA256

    902ab71895adf1f8fb6c414350f048aa89835e7ae4583e14e340eb21b92d759f

  • SHA512

    668527e5c172837ae708688ea6713cf22ede984ee6c90e19ed1fdd73e2cb20d198008be01a0ee2a5a493f07427ffc2771efd0fc2c2a50ddbfcb104a869e48410

  • SSDEEP

    98304:2qPoBhz1aRxcSUDk36SAEdhvxWa9P593R8yAVp2g3:2qPe1Cxcxk3ZAEUadzR8yc4g

  Score

  10^/10

  bdaejecwannacryaspackv2backdoordefense_evasiondiscoveryexecutionimpactpersistenceransomwarespywarestealerworm

  • Bdaejec

    Bdaejec is a backdoor written in C++.

    backdoorbdaejec

  • Bdaejec family

    bdaejec

  • Detects Bdaejec Backdoor.

    Bdaejec is backdoor written in C++.

  • Wannacry

    WannaCry is a ransomware cryptoworm.

    ransomwarewormwannacry

  • Wannacry family

    wannacry

  • Deletes shadow copies

    Ransomware often targets backup files to inhibit system recovery.

    ransomwaredefense_evasionimpactexecution

  • ASPack v2.12-2.42

    Detects executables packed with ASPack v2.12-2.42

    aspackv2

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Drops startup file

  • Executes dropped EXE

  • Loads dropped DLL

  • Modifies file permissions

    discovery

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Adds Run key to start application

    persistence

  • File and Directory Permissions Modification: Windows File and Directory Permissions Modification

    defense_evasion

  • Sets desktop wallpaper using registry

    ransomware
  behavioral1behavioral2