General
- Target: 2024-11-26_ecfbebd07fea2eadf0b911052581b794_smoke-loader_wapomi
- Size: 80KB
- Sample: 241126-qdnj3ssmfy
- MD5: ecfbebd07fea2eadf0b911052581b794
- SHA1: 8e3e455226f4e8553840c640843674a536cdb888
- SHA256: 85e8372012d48fd4551bf250af6b268d84f5a24a5f8cbd67d96783d22db3c6b6
- SHA512: 32819fbfa8f6bb06d32fc4e8832d537efeaf52ceab7943892c128e77409a0d96f7ee8919319d4ff8f42f01c70556756a3d2cdb99d32f40fe60b0e83f5ac32c6a
- SSDEEP: 1536:RfnLq01weW5yX3jFxv49Nu4GhQo+GCq2iW7z:Y3ysTGhQfGCH
Static task: static1
Behavioral task: behavioral1
- Sample: 2024-11-26_ecfbebd07fea2eadf0b911052581b794_smoke-loader_wapomi.exe
- Resource: win7-20241010-en
Malware Config
Extracted
bdaejec
ddos.dnsnb8.net
Targets
- Bdaejec family
- Detects Bdaejec Backdoor. Bdaejec is a backdoor written in C++.
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL