General

  • Target

    2024-11-28_514e519aab7c71690605a06e44e85b6c_smoke-loader_wapomi

  • Size

    905KB

  • Sample

    241128-qn1x6ayncw

  • MD5

    514e519aab7c71690605a06e44e85b6c

  • SHA1

    dbd04617925c05b11f177a6b706c90e056ce9b8a

  • SHA256

    a7debc7e3e3c5882d62d232c17b8d75a7b7ebf321d58c471a51bb6e336a4972c

  • SHA512

    12ea1692c504a845be10cc32d76fefb6a90678a85f98e93f585ec58581bb5071889588fd5b447b54fd9bdfb6fa2cd76a5a8e96397bcd4ab7180fdb71b2348aee

  • SSDEEP

    24576:SitjqesDHoeKdfRDltk4suznX4fHo5rt46h:wfDHQprzXAHoX4

Malware Config

Extracted

Family

bdaejec

C2

ddos.dnsnb8.net

Targets

    • Target

      2024-11-28_514e519aab7c71690605a06e44e85b6c_smoke-loader_wapomi

    • Size

      905KB

    • MD5

      514e519aab7c71690605a06e44e85b6c

    • SHA1

      dbd04617925c05b11f177a6b706c90e056ce9b8a

    • SHA256

      a7debc7e3e3c5882d62d232c17b8d75a7b7ebf321d58c471a51bb6e336a4972c

    • SHA512

      12ea1692c504a845be10cc32d76fefb6a90678a85f98e93f585ec58581bb5071889588fd5b447b54fd9bdfb6fa2cd76a5a8e96397bcd4ab7180fdb71b2348aee

    • SSDEEP

      24576:SitjqesDHoeKdfRDltk4suznX4fHo5rt46h:wfDHQprzXAHoX4

    • Bdaejec

      Bdaejec is a backdoor written in C++.

    • Bdaejec family

    • Detects Bdaejec Backdoor.

      Bdaejec is backdoor written in C++.

    • ASPack v2.12-2.42

      Detects executables packed with ASPack v2.12-2.42

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks