General
-
Target
241120-dvqpjszjfx_pw_infected.zip
-
Size
468KB
-
Sample
241120-d1s2vszbnh
-
MD5
b56a773fd084d184bfe971c9112ad267
-
SHA1
0c5ae482b2224753d0330dfa6bee7a0fa27e5572
-
SHA256
6a73ef0f22202d51172c83eab70240735848ad37689661faf13a56a2bd72f8d0
-
SHA512
fab59d5e35c55f24c55ddce97a843934e0e42ed9f8de5fa44ac52724ddf3c722a140eb7677756c819d3e155caa4d4ac1381c3d2a1771b909df91c451ed3e7347
-
SSDEEP
12288:cTDJ/cV+lD8Og8xWK39MroM3IBb4fbZvJOzeW:CZP8OLxL9MroM3IBb4fvAX
Malware Config
Extracted
bdaejec
ddos.dnsnb8.net
Targets
-
-
Target
c1ebd4c1595fa80d6521320a9500d22b55693bd7ce20af58492a1018b8ccf18e.exe
-
Size
868KB
-
MD5
3f64df9616321b718366e70eab655e0c
-
SHA1
9cb754e4471a26957f5aad0e37a3c705358fbde2
-
SHA256
c1ebd4c1595fa80d6521320a9500d22b55693bd7ce20af58492a1018b8ccf18e
-
SHA512
cf092a45b0182df00781bed1912215c5555ac8c877abf24a5277126cb6838c0b8c9325af45993ff9471c73c589f141f9a7e447fa07badb925e26510837d2c678
-
SSDEEP
24576:MNjTaxN/1+N7zOQr3mYCFY7Mk2xT+2n/S225E2Y22222Gxqz8uRHYbJ2d2hgZgFU:Hx2N7qM3mvnZe
Score10/10-
Bdaejec
Bdaejec is a backdoor written in C++.
-
Bdaejec family
-
Detects Bdaejec Backdoor.
Bdaejec is backdoor written in C++.
-
Neshta
Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.
-
Neshta family
-
Ramnit
Ramnit is a versatile family that holds viruses, worms, and Trojans.
-
Ramnit family
-
ASPack v2.12-2.42
Detects executables packed with ASPack v2.12-2.42
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Modifies system executable filetype association
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-