bdaejec

General

Target

18001626286.zip
Size

1.2MB
Sample

241130-q3qezazlaj
MD5

01615f45f03e2f0330bcf2de26755058
SHA1

ecbe4d80589f94e7619897d869abb6b8de7f4cbb
SHA256

da6585e8b34d370c9ed80329f6691a0ea3379ecdb267f64574f03232623dd2f8
SHA512

9d414330905da245692d4de912dabde0490611726e6c4604cb3feefedf4d078de6c0ba96d3ace3d860bf9bdc3c31dc47f89c728534692f768946690ad3545adf
SSDEEP

24576:jhT5MEv5K2Q/UAXRljjKrrq8gLt4mKQMpc/Lv3YzqIJ5gJoNaFH:R5pvk2qU6lje+8UubQMp3mG5gJp

Score

10^/10

Malware Config

Extracted

Family

bdaejec

C2

ddos.dnsnb8.net

Targets

- Target
  
  a855fa52c07ea362123e8cd9fd293824a46fac160c88819aae2cb4212b63bec4
- Size
  
  2.3MB
- MD5
  
  339d10e5c34d820024d08ddafee21b52
- SHA1
  
  97037d550aa84387147267bcb23f9de34ce19da3
- SHA256
  
  a855fa52c07ea362123e8cd9fd293824a46fac160c88819aae2cb4212b63bec4
- SHA512
  
  17e1d3652845afc9c8d19e9cb76d1ce65968290db7b66ed7d05290d2b27395ccf64a76eb021935b88aea23eec8e86653906915406a0d9b02973576b62400bc66
- SSDEEP
  
  49152:HtNUaQsh3Ss/flyXP8BnzoVPgfpQO21F8k:HtNUA3vlyXPE0qR
Score

10^/10

bdaejec blacksuit_windows aspackv2 backdoor discovery ransomware
- Bdaejec
  Bdaejec is a backdoor written in C++.
  backdoor bdaejec
- Bdaejec family
  bdaejec
- BlackSuit
  A ransomware first detected in May 2023 linked to the Conti group.
  ransomware blacksuit_windows
- Blacksuit_windows family
  blacksuit_windows
- Detects Bdaejec Backdoor.
  Bdaejec is backdoor written in C++.
- Detects the Windows variant of BlackSuit Ransomware
- ASPack v2.12-2.42
  Detects executables packed with ASPack v2.12-2.42
  aspackv2
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Bdaejec family

BlackSuit

Blacksuit_windows family

Detects Bdaejec Backdoor.

Detects the Windows variant of BlackSuit Ransomware

ASPack v2.12-2.42

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2