General

  • Target

    680bcd0edd2947879e510ac367d5883fc6683bb8a6913c95b99a94a4441a2167

  • Size

    2.7MB

  • Sample

    241123-nezydstndy

  • MD5

    32e14db7af2f7a7ff473562adab391dc

  • SHA1

    3edb02ed9dfb773bb410c20aa509bcdbe6ad34ca

  • SHA256

    680bcd0edd2947879e510ac367d5883fc6683bb8a6913c95b99a94a4441a2167

  • SHA512

    bbc85f497995f7bebb782ad2c69dc2558a10dd6276cfc1c8b305707c8f8aa6c4eac327c706d7376219dc717f6c19c9dafaf6563b16bd41db529e12c21bb98162

  • SSDEEP

    49152:K5yaUm62qD9dDqnroHOrQhKTlh1d2HObA3:K5zA9cnsHIZhf2Hv

Malware Config

Extracted

Family

bdaejec

C2

ddos.dnsnb8.net

Targets

    • Target

      680bcd0edd2947879e510ac367d5883fc6683bb8a6913c95b99a94a4441a2167

    • Size

      2.7MB

    • MD5

      32e14db7af2f7a7ff473562adab391dc

    • SHA1

      3edb02ed9dfb773bb410c20aa509bcdbe6ad34ca

    • SHA256

      680bcd0edd2947879e510ac367d5883fc6683bb8a6913c95b99a94a4441a2167

    • SHA512

      bbc85f497995f7bebb782ad2c69dc2558a10dd6276cfc1c8b305707c8f8aa6c4eac327c706d7376219dc717f6c19c9dafaf6563b16bd41db529e12c21bb98162

    • SSDEEP

      49152:K5yaUm62qD9dDqnroHOrQhKTlh1d2HObA3:K5zA9cnsHIZhf2Hv

    • Bdaejec

      Bdaejec is a backdoor written in C++.

    • Bdaejec family

    • Detects Bdaejec Backdoor.

      Bdaejec is backdoor written in C++.

    • Drops file in Drivers directory

    • ASPack v2.12-2.42

      Detects executables packed with ASPack v2.12-2.42

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks