bdaejec | 9e1067edf5077a1a785034ea20c3d8ff13a915d630ba9df49a6487fed3a3d977 | Triage

Submit
Reports

Overview

overview

Static

static

3

Spoofer-ZaxaR.exe

windows10-ltsc 2021-x64

Sharing

General

Target

Spoofer-ZaxaR.exe
Size

723KB
Sample

241103-zhnv3swqar
MD5

cd537a991f54a5735faf943bc64cc331
SHA1

2b78937dbe5817243913091bfca92ce65a10dc9a
SHA256

9e1067edf5077a1a785034ea20c3d8ff13a915d630ba9df49a6487fed3a3d977
SHA512

70bd9033071a5b9fd4b567b6c70d674fc685147bde3318f177570b14eda731cbb86290ab393e9f6d7244648f5cc2488cdd3a2273337784679f5313e779df1889
SSDEEP

12288:voSWNT4EBCpw1RI+d8uRFYbh7yIcR9NmLPyEXU0eJtf4GvHnPg:voS2T4i1Nd8KuDYNeqcUJpf

Score

10^/10

bdaejec aspackv2 backdoor discovery execution upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

Spoofer-ZaxaR.exe

Resource

win10ltsc2021-20241023-en

bdaejec aspackv2 backdoor discovery execution upx

windows10-ltsc 2021-x64

16 signatures

150 seconds

Malware Config

Extracted

Family

bdaejec

C2

ddos.dnsnb8.net

Targets

- Target
  
  Spoofer-ZaxaR.exe
- Size
  
  723KB
- MD5
  
  cd537a991f54a5735faf943bc64cc331
- SHA1
  
  2b78937dbe5817243913091bfca92ce65a10dc9a
- SHA256
  
  9e1067edf5077a1a785034ea20c3d8ff13a915d630ba9df49a6487fed3a3d977
- SHA512
  
  70bd9033071a5b9fd4b567b6c70d674fc685147bde3318f177570b14eda731cbb86290ab393e9f6d7244648f5cc2488cdd3a2273337784679f5313e779df1889
- SSDEEP
  
  12288:voSWNT4EBCpw1RI+d8uRFYbh7yIcR9NmLPyEXU0eJtf4GvHnPg:voS2T4i1Nd8KuDYNeqcUJpf
Score

10^/10

bdaejec aspackv2 backdoor discovery execution upx
- Bdaejec
  Bdaejec is a backdoor written in C++.
  backdoor bdaejec
- Bdaejec family
  bdaejec
- Detects Bdaejec Backdoor.
  Bdaejec is backdoor written in C++.
- ASPack v2.12-2.42
  Detects executables packed with ASPack v2.12-2.42
  aspackv2
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bdaejecaspackv2backdoordiscoveryexecutionupx

© 2018-2024

Terms | Privacy