bdaejec | a8fc8a770ec88ee9344046bdc5eabb2015f363ec71c2b2534a8caba4b644e035 | Triage

Submit
Reports

Overview

overview

Static

static

3

2024-11-28...mi.exe

windows7-x64

2024-11-28...mi.exe

windows10-2004-x64

Sharing

General

Target

2024-11-28_87ed3a5fb81ee41144e8ba72860cdee1_smoke-loader_wapomi
Size

884KB
Sample

241128-qncwbsynaz
MD5

87ed3a5fb81ee41144e8ba72860cdee1
SHA1

bb6c791feee052d1482026780c3e181df29d3a2b
SHA256

a8fc8a770ec88ee9344046bdc5eabb2015f363ec71c2b2534a8caba4b644e035
SHA512

d683095a4c88c0ad15b8a98f39c27172511f2b82777fb258f3e182bcdac7bd810e1e582a3c9517931d9c6fb09819390d8e429cff8e9e5e6f37f7b1fa3d5a9e1c
SSDEEP

24576:jrfGS5+muky0YxHDiE3esqG5o7NWIEJxnN1:2l+TGm7sIC

Score

10^/10

bdaejec aspackv2 backdoor discovery evasion trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

2024-11-28_87ed3a5fb81ee41144e8ba72860cdee1_smoke-loader_wapomi.exe

Resource

win7-20240903-en

bdaejec aspackv2 backdoor discovery evasion trojan

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

2024-11-28_87ed3a5fb81ee41144e8ba72860cdee1_smoke-loader_wapomi.exe

Resource

win10v2004-20241007-en

bdaejec aspackv2 backdoor discovery evasion trojan

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Extracted

Family

bdaejec

C2

ddos.dnsnb8.net

Targets

- Target
  
  2024-11-28_87ed3a5fb81ee41144e8ba72860cdee1_smoke-loader_wapomi
- Size
  
  884KB
- MD5
  
  87ed3a5fb81ee41144e8ba72860cdee1
- SHA1
  
  bb6c791feee052d1482026780c3e181df29d3a2b
- SHA256
  
  a8fc8a770ec88ee9344046bdc5eabb2015f363ec71c2b2534a8caba4b644e035
- SHA512
  
  d683095a4c88c0ad15b8a98f39c27172511f2b82777fb258f3e182bcdac7bd810e1e582a3c9517931d9c6fb09819390d8e429cff8e9e5e6f37f7b1fa3d5a9e1c
- SSDEEP
  
  24576:jrfGS5+muky0YxHDiE3esqG5o7NWIEJxnN1:2l+TGm7sIC
Score

10^/10

bdaejec aspackv2 backdoor discovery evasion trojan
- Bdaejec
  Bdaejec is a backdoor written in C++.
  backdoor bdaejec
- Bdaejec family
  bdaejec
- Detects Bdaejec Backdoor.
  Bdaejec is backdoor written in C++.
- ASPack v2.12-2.42
  Detects executables packed with ASPack v2.12-2.42
  aspackv2
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bdaejecaspackv2backdoordiscoveryevasiontrojan

behavioral2

bdaejecaspackv2backdoordiscoveryevasiontrojan

© 2018-2024

Terms | Privacy