General

  • Target

    2024-11-24_43b201729678800539cb685d9b601ea0_smoke-loader_wapomi

  • Size

    125KB

  • Sample

    241124-aqrt9s1jel

  • MD5

    43b201729678800539cb685d9b601ea0

  • SHA1

    390e8f15540fec40b37d0af1c5b259c5a30f3b70

  • SHA256

    6c7f2af6b0e4a4282ad2db2a1303e37e3707334e5d9a5b30c9bc5be14a39758e

  • SHA512

    5d115db22692751b74eba30096f00a78f0b14d641a94752917ccf141e5a928bf64b4fc9f96aa6fce13db23a84843d7a48c0855c0b160e9068170f43a81e472f5

  • SSDEEP

    3072:IH451OJpM1uOcIbqaORUF0/+8v51AwGoG94dF/GCH:x4pM1uLIbCKFq++RGT4dFu

Malware Config

Extracted

Family

bdaejec

C2

ddos.dnsnb8.net

Targets

    • Target

      2024-11-24_43b201729678800539cb685d9b601ea0_smoke-loader_wapomi

    • Size

      125KB

    • MD5

      43b201729678800539cb685d9b601ea0

    • SHA1

      390e8f15540fec40b37d0af1c5b259c5a30f3b70

    • SHA256

      6c7f2af6b0e4a4282ad2db2a1303e37e3707334e5d9a5b30c9bc5be14a39758e

    • SHA512

      5d115db22692751b74eba30096f00a78f0b14d641a94752917ccf141e5a928bf64b4fc9f96aa6fce13db23a84843d7a48c0855c0b160e9068170f43a81e472f5

    • SSDEEP

      3072:IH451OJpM1uOcIbqaORUF0/+8v51AwGoG94dF/GCH:x4pM1uLIbCKFq++RGT4dFu

    • Bdaejec

      Bdaejec is a backdoor written in C++.

    • Bdaejec family

    • Detects Bdaejec Backdoor.

      Bdaejec is backdoor written in C++.

    • ASPack v2.12-2.42

      Detects executables packed with ASPack v2.12-2.42

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks