General

  • Target

    2024-12-03_d9404861e1c2d56adcf98588d36f5dce_smoke-loader_wapomi

  • Size

    372KB

  • Sample

    241203-bvhylasqax

  • MD5

    d9404861e1c2d56adcf98588d36f5dce

  • SHA1

    27961774f59bd5e3a224cd989c68810ef3ae53d0

  • SHA256

    b434bab3956b42fd361cebd7af283a7b14800a8a337cb945ea1e5cf33d360478

  • SHA512

    61cb91f2751965713a0af2edba335bea9a0d5fcd62a760bf22c8c6b1a4e933cdd206d86ceb3833da3e471e999e7c104733b434534494e2f45af8c9996d36757c

  • SSDEEP

    6144:2UGe1bWxVH8JXnqnUhtXgdvrignGKZ4nwpuqVmNlvoazuvsXot:281bWxVH8VsytUvrgKElvoazX

Malware Config

Extracted

  • Family

    redline

  • Botnet

    60n

  • C2

    193.106.191.123:34450

  • Attributes

    auth_value: c9bcbc8fac47ba6b7f3012eca29db0dc

Extracted

  • Family

    bdaejec

  • C2

    ddos.dnsnb8.net

Targets

    • Bdaejec

      Bdaejec is a backdoor written in C++.

    • Bdaejec family

    • Detects Bdaejec Backdoor.

      Bdaejec is a backdoor written in C++.

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • ASPack v2.12-2.42

      Detects executables packed with ASPack v2.12-2.42

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence.

    • Executes dropped EXE

    • Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks