General
-
Target
ddc2c78d6f8510947bef12901b68da4f595e0733d9bc82434791d293cdc9e168
-
Size
776KB
-
Sample
241111-zrhenazjfm
-
MD5
3299acdbd8a544780abb6eae4668d1aa
-
SHA1
9e7a81e25b980faa44c4048171027eea865e874b
-
SHA256
ddc2c78d6f8510947bef12901b68da4f595e0733d9bc82434791d293cdc9e168
-
SHA512
f468b7e85d5ccde05b025ee57d5e9f55286fc7d8fc4dd90b1e600f6f1ba30e6f73ec83cc9f2d88f245ab41d9659a5cb2637837f438f7234f942f5cc9a64fd6cd
-
SSDEEP
12288:FeTBslq08I3L92xhqmqUVWFxjPc/jxEnU2vMQs:UtI3L9WqdjPU67
Static task
static1
Behavioral task
behavioral1
Sample
ddc2c78d6f8510947bef12901b68da4f595e0733d9bc82434791d293cdc9e168.exe
Resource
win7-20240903-en
Malware Config
Extracted
bdaejec
ddos.dnsnb8.net
Extracted
trickbot
100019
top115
65.152.201.203:443
185.56.175.122:443
46.99.175.217:443
179.189.229.254:443
46.99.175.149:443
181.129.167.82:443
216.166.148.187:443
46.99.188.223:443
128.201.76.252:443
62.99.79.77:443
60.51.47.65:443
24.162.214.166:443
45.36.99.184:443
97.83.40.67:443
184.74.99.214:443
103.105.254.17:443
62.99.76.213:443
82.159.149.52:443
-
autorunName:pwgrabbName:pwgrabc
Targets
-
-
Target
ddc2c78d6f8510947bef12901b68da4f595e0733d9bc82434791d293cdc9e168
-
Size
776KB
-
MD5
3299acdbd8a544780abb6eae4668d1aa
-
SHA1
9e7a81e25b980faa44c4048171027eea865e874b
-
SHA256
ddc2c78d6f8510947bef12901b68da4f595e0733d9bc82434791d293cdc9e168
-
SHA512
f468b7e85d5ccde05b025ee57d5e9f55286fc7d8fc4dd90b1e600f6f1ba30e6f73ec83cc9f2d88f245ab41d9659a5cb2637837f438f7234f942f5cc9a64fd6cd
-
SSDEEP
12288:FeTBslq08I3L92xhqmqUVWFxjPc/jxEnU2vMQs:UtI3L9WqdjPU67
-
Bdaejec family
-
Detects Bdaejec Backdoor.
Bdaejec is backdoor written in C++.
-
Trickbot family
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-