General
-
Target
WinFontsView.rar
-
Size
41KB
-
Sample
241120-s6cpdszbjq
-
MD5
db0ff5e44cdd7d718fc85bdc2c5ac957
-
SHA1
315570d42ad73a9954b3a033d849dd3598527924
-
SHA256
1d6f69d6a41aa0b52728cd3e6855e20d17cad83a3d5c2a456ca438c9716ac9e5
-
SHA512
23936d6ae02f87b4ca4567c9d746c1cf85161d1b2960d58befccfa0b9644a702f27607309955b9eb992b028912dcb128ae58c091e7522790616ed28c3694988e
-
SSDEEP
768:nWJPZi5yyF+OCDOCqjcD6yuY5zpKNBeWVEHBIQcMKttAWaz+FPI+2SZIOvEev:WPTOCDfqQAQzUhL8WazEHsc
Malware Config
Extracted
bdaejec
ddos.dnsnb8.net
Targets
-
-
Target
WinFontsView.exe
-
Size
51KB
-
MD5
f2539f82d527e8a57a354635bb2c748f
-
SHA1
afad56a981e0a8e8dc907b2c58593783db64b6f5
-
SHA256
9a0f09b03e9ed484837999c8adcc8fbd60ea3f23df723a82a26221480238e82f
-
SHA512
6239e8ced4bedbfcc943b91bfcd7c2916d1abc3b3a522dc26eac3e2515929d9a56400937fe99f720986eaa28c34160e9e6a00e713265a4934f694d0c2d772b94
-
SSDEEP
768:1j21bLAiFXvGbpN88RQGZ1eNwaofELkAWx7QGPL4vzZq2o9W7GsxBbPr:h2hLAih+bpN89GZL3EUx8GCq2iW7z
Score10/10-
Bdaejec
Bdaejec is a backdoor written in C++.
-
Bdaejec family
-
Detects Bdaejec Backdoor.
Bdaejec is backdoor written in C++.
-
Detected Nirsoft tools
Free utilities often used by attackers which can steal passwords, product keys, etc.
-
ASPack v2.12-2.42
Detects executables packed with ASPack v2.12-2.42
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-