General

  • Target

    0c2a99b31cc11897020713339486bc54b40342cdf516b9b00ce0af1b448c06e4

  • Size

    11.5MB

  • Sample

    241107-spnekavcpe

  • MD5

    d26bab5d9ecfd0cb23eaf5f4b70a1a3e

  • SHA1

    a30fd7748b012e83fb683778f4a1ceef04c27c7c

  • SHA256

    0c2a99b31cc11897020713339486bc54b40342cdf516b9b00ce0af1b448c06e4

  • SHA512

    2149e347dc0e6c368493aeb0b7e53d7637ec575ef04cde2883c5c0155d700f49253e4a9c39d5de91fc6cd49f73f753107b65eba6d02066f7925be38dfb414904

  • SSDEEP

    196608:FAQuVH3M82sRhWphk2XmH24Wgf7TInXinHuE50PbdtwsmrKVveZleGxzLVyyqg:GLxM8r22PvInXinHuK0xCKVvetRVl

Malware Config

Extracted

Family

bdaejec

C2

ddos.dnsnb8.net

Targets

    • Bdaejec

      Bdaejec is a backdoor written in C++.

    • Bdaejec family

    • Detects Bdaejec Backdoor.

      Bdaejec is a backdoor written in C++.

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • ASPack v2.12-2.42

      Detects executables packed with ASPack v2.12-2.42

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Checks whether UAC is enabled

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks