General

  • Target

    2024-11-23_4c8acb9d98b24b727031d7ce55157c76_smoke-loader_wapomi

  • Size

    1.1MB

  • Sample

    241123-rygspssqfp

  • MD5

    4c8acb9d98b24b727031d7ce55157c76

  • SHA1

    90439d0ef38869f59b6193ed098282ac9e08b626

  • SHA256

    35814d815080011392f0abf62bb6b1a5164a176c06f76e00119448498b7f8546

  • SHA512

    8d705c4c25ecaf7af00cb5fe20d6d2aa28e4d90b540503964dae89164a7bb339a343d31e61009d642ba043ed4b88b0c5f8d80dffcb188200c42da5140fc30733

  • SSDEEP

    12288:ZqOPajQUXXP8QvLWFx6Mo5rippDC7ee1hpls4Ey+:ZnajQEPnvg6PhWDC750

Malware Config

Extracted

Family

bdaejec

C2

ddos.dnsnb8.net

Targets

    • Target

      2024-11-23_4c8acb9d98b24b727031d7ce55157c76_smoke-loader_wapomi

    • Size

      1.1MB

    • MD5

      4c8acb9d98b24b727031d7ce55157c76

    • SHA1

      90439d0ef38869f59b6193ed098282ac9e08b626

    • SHA256

      35814d815080011392f0abf62bb6b1a5164a176c06f76e00119448498b7f8546

    • SHA512

      8d705c4c25ecaf7af00cb5fe20d6d2aa28e4d90b540503964dae89164a7bb339a343d31e61009d642ba043ed4b88b0c5f8d80dffcb188200c42da5140fc30733

    • SSDEEP

      12288:ZqOPajQUXXP8QvLWFx6Mo5rippDC7ee1hpls4Ey+:ZnajQEPnvg6PhWDC750

    • Bdaejec

      Bdaejec is a backdoor written in C++.

    • Bdaejec family

    • Detects Bdaejec Backdoor.

      Bdaejec is backdoor written in C++.

    • ASPack v2.12-2.42

      Detects executables packed with ASPack v2.12-2.42

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks