General
Target: 0c2a99b31cc11897020713339486bc54b40342cdf516b9b00ce0af1b448c06e4
Size: 11.5MB
Sample: 241107-spnekavcpe
MD5: d26bab5d9ecfd0cb23eaf5f4b70a1a3e
SHA1: a30fd7748b012e83fb683778f4a1ceef04c27c7c
SHA256: 0c2a99b31cc11897020713339486bc54b40342cdf516b9b00ce0af1b448c06e4
SHA512: 2149e347dc0e6c368493aeb0b7e53d7637ec575ef04cde2883c5c0155d700f49253e4a9c39d5de91fc6cd49f73f753107b65eba6d02066f7925be38dfb414904
SSDEEP: 196608:FAQuVH3M82sRhWphk2XmH24Wgf7TInXinHuE50PbdtwsmrKVveZleGxzLVyyqg:GLxM8r22PvInXinHuK0xCKVvetRVl
Behavioral task
behavioral1
Sample: 0c2a99b31cc11897020713339486bc54b40342cdf516b9b00ce0af1b448c06e4.exe
Resource: win7-20240903-en
Malware Config
Extracted (bdaejec): ddos.dnsnb8.net
Targets
Target: 0c2a99b31cc11897020713339486bc54b40342cdf516b9b00ce0af1b448c06e4
Size: 11.5MB
MD5: d26bab5d9ecfd0cb23eaf5f4b70a1a3e
SHA1: a30fd7748b012e83fb683778f4a1ceef04c27c7c
SHA256: 0c2a99b31cc11897020713339486bc54b40342cdf516b9b00ce0af1b448c06e4
SHA512: 2149e347dc0e6c368493aeb0b7e53d7637ec575ef04cde2883c5c0155d700f49253e4a9c39d5de91fc6cd49f73f753107b65eba6d02066f7925be38dfb414904
SSDEEP: 196608:FAQuVH3M82sRhWphk2XmH24Wgf7TInXinHuE50PbdtwsmrKVveZleGxzLVyyqg:GLxM8r22PvInXinHuK0xCKVvetRVl
- Bdaejec family: Detects Bdaejec Backdoor. Bdaejec is a backdoor written in C++.
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings: Looks up the country code configured in the registry, likely geofencing.
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of NtSetInformationThreadHideFromDebugger