General

  • Target

    2024-11-29_549cebf7010f2eda9036c905d6a9ba19_smoke-loader_wapomi

  • Size

    203KB

  • Sample

    241129-b68y6atqdq

  • MD5

    549cebf7010f2eda9036c905d6a9ba19

  • SHA1

    fd04070adab1ff97aa3fcf38424a4662f8c20d85

  • SHA256

    547c069760f8be2ec3b762a20f03bd7c913104c061804a29b31ee0d447c15ca1

  • SHA512

    ac5f7404e2c7feae17b7480412b38c68a120e3c9ea54d22df85922434cb3f1f19471c4627ccc2f43e898719b8b2e441de2a8483c4adaf1ec8785a5a2ba23ef5d

  • SSDEEP

    3072:h1TlCN3DeL0dA/VkvpS6zpQDt0v2E6LGHxdOWTtDwqytR2TBf9AqqpUwIwGCH:/lGXd4OvDzewKLGHj0qTBlznBt

Malware Config

Extracted

Family

bdaejec

C2

ddos.dnsnb8.net

Targets

    • Target

      2024-11-29_549cebf7010f2eda9036c905d6a9ba19_smoke-loader_wapomi

    • Size

      203KB

    • MD5

      549cebf7010f2eda9036c905d6a9ba19

    • SHA1

      fd04070adab1ff97aa3fcf38424a4662f8c20d85

    • SHA256

      547c069760f8be2ec3b762a20f03bd7c913104c061804a29b31ee0d447c15ca1

    • SHA512

      ac5f7404e2c7feae17b7480412b38c68a120e3c9ea54d22df85922434cb3f1f19471c4627ccc2f43e898719b8b2e441de2a8483c4adaf1ec8785a5a2ba23ef5d

    • SSDEEP

      3072:h1TlCN3DeL0dA/VkvpS6zpQDt0v2E6LGHxdOWTtDwqytR2TBf9AqqpUwIwGCH:/lGXd4OvDzewKLGHj0qTBlznBt

    • Bdaejec

      Bdaejec is a backdoor written in C++.

    • Bdaejec family

    • Detects Bdaejec Backdoor.

      Bdaejec is a backdoor written in C++.

    • ASPack v2.12-2.42

      Detects executables packed with ASPack v2.12-2.42

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks