General

  • Target

    2024-11-17_4f825b9717b4067cce5bc917e3fab377_smoke-loader_wapomi

  • Size

    80KB

  • Sample

    241117-l4vnvsxdqg

  • MD5

    4f825b9717b4067cce5bc917e3fab377

  • SHA1

    7baa522033a79e9a4a6ce5ea10de0ce37b78bf48

  • SHA256

    b09ab01fac4fa50b5208680ddff09109941d4b0905feaf0b3f64b9d7c2c94734

  • SHA512

    a663de68a713125b4c28e18d6247733683170e6e04d0f65942fa13d1e04daa998d58d6b34f6dd191eb963a0ded4ca315b930f898eb76669e2c2489f3f2fea398

  • SSDEEP

    1536:RfnLq01weW5yX3jFxv49Nu4GhQnZGCq2iW7z:Y3ysTGhQZGCH

Malware Config

Extracted

Family

bdaejec

C2

ddos.dnsnb8.net

Targets

    • Target

      2024-11-17_4f825b9717b4067cce5bc917e3fab377_smoke-loader_wapomi

    • Size

      80KB

    • MD5

      4f825b9717b4067cce5bc917e3fab377

    • SHA1

      7baa522033a79e9a4a6ce5ea10de0ce37b78bf48

    • SHA256

      b09ab01fac4fa50b5208680ddff09109941d4b0905feaf0b3f64b9d7c2c94734

    • SHA512

      a663de68a713125b4c28e18d6247733683170e6e04d0f65942fa13d1e04daa998d58d6b34f6dd191eb963a0ded4ca315b930f898eb76669e2c2489f3f2fea398

    • SSDEEP

      1536:RfnLq01weW5yX3jFxv49Nu4GhQnZGCq2iW7z:Y3ysTGhQZGCH

    • Bdaejec

      Bdaejec is a backdoor written in C++.

    • Bdaejec family

    • Detects Bdaejec Backdoor.

      Bdaejec is backdoor written in C++.

    • ASPack v2.12-2.42

      Detects executables packed with ASPack v2.12-2.42

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks