General

  • Target

    2024-11-26_ecfbebd07fea2eadf0b911052581b794_smoke-loader_wapomi

  • Size

    80KB

  • Sample

    241126-qdnj3ssmfy

  • MD5

    ecfbebd07fea2eadf0b911052581b794

  • SHA1

    8e3e455226f4e8553840c640843674a536cdb888

  • SHA256

    85e8372012d48fd4551bf250af6b268d84f5a24a5f8cbd67d96783d22db3c6b6

  • SHA512

    32819fbfa8f6bb06d32fc4e8832d537efeaf52ceab7943892c128e77409a0d96f7ee8919319d4ff8f42f01c70556756a3d2cdb99d32f40fe60b0e83f5ac32c6a

  • SSDEEP

    1536:RfnLq01weW5yX3jFxv49Nu4GhQo+GCq2iW7z:Y3ysTGhQfGCH

Malware Config

Extracted

Family

bdaejec

C2

ddos.dnsnb8.net

Targets

    • Target

      2024-11-26_ecfbebd07fea2eadf0b911052581b794_smoke-loader_wapomi

    • Size

      80KB

    • MD5

      ecfbebd07fea2eadf0b911052581b794

    • SHA1

      8e3e455226f4e8553840c640843674a536cdb888

    • SHA256

      85e8372012d48fd4551bf250af6b268d84f5a24a5f8cbd67d96783d22db3c6b6

    • SHA512

      32819fbfa8f6bb06d32fc4e8832d537efeaf52ceab7943892c128e77409a0d96f7ee8919319d4ff8f42f01c70556756a3d2cdb99d32f40fe60b0e83f5ac32c6a

    • SSDEEP

      1536:RfnLq01weW5yX3jFxv49Nu4GhQo+GCq2iW7z:Y3ysTGhQfGCH

    • Bdaejec

      Bdaejec is a backdoor written in C++.

    • Bdaejec family

    • Detects Bdaejec Backdoor.

      Bdaejec is backdoor written in C++.

    • ASPack v2.12-2.42

      Detects executables packed with ASPack v2.12-2.42

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks