General

  • Target

    2024-11-25_3678b6fac035fcc1f705c291a9039c58_smoke-loader_wapomi

  • Size

    35KB

  • Sample

    241125-e1zebatrbn

  • MD5

    3678b6fac035fcc1f705c291a9039c58

  • SHA1

    925a09039de5d0006daf64cbacb798d285f91445

  • SHA256

    dd23b91802db436df659ce628cd7ac36e1b5240b55f711f69c595c4b7d537e41

  • SHA512

    00ee093f46e49d7709a9a1dddc5f8e6b1d782832355bb8946382a2208fc9f5c9a6563670d947d71e0d21a4949a9ff66bd17f68484377b0c6f71ec30fa25b1be7

  • SSDEEP

    768:3wv4s7UUpOvj8u4Mf4MMRt4Mtj6QGPL4vzZq2o9W7GsxBbPr:3wvvoqO4uP87t5GCq2iW7z

Malware Config

Extracted

Family

bdaejec

C2

ddos.dnsnb8.net

Targets

    • Bdaejec

      Bdaejec is a backdoor written in C++.

    • Bdaejec family

    • Detects Bdaejec Backdoor.

      Bdaejec is a backdoor written in C++.

    • ASPack v2.12-2.42

      Detects executables packed with ASPack v2.12-2.42

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks