General

  • Target

    043625af5f827ca8a90e5e94306a4dc2c2936b5c3e5da634d5c6aa7ad8f5ec5aN.exe

  • Size

    103KB

  • Sample

    241203-nmr8hsyneq

  • MD5

    a8f365d40698122c123f575661761ac0

  • SHA1

    3c0d116d6388bf75ef29a89f4210ddbd0c08af8d

  • SHA256

    043625af5f827ca8a90e5e94306a4dc2c2936b5c3e5da634d5c6aa7ad8f5ec5a

  • SHA512

    4263b7478b1f71aa939a2832f251fdbfde5e0b560f22d074a528b85c11f95fc6888420590e14441845ae923cea449efeaeb2b2c90f2821f02875f40dfb66061d

  • SSDEEP

    1536:ButZMKW/pJ4IOPkibTKzOUblUjYbgKbddYInG+cFfHYToWEGCq2iW7z:B2MLuSyMt79G+ufHYTo7GCH

Malware Config

Extracted

Family

bdaejec

C2

ddos.dnsnb8.net
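The hashes in the General section and the C2 domain extracted above are the indicators a responder would actually pivot on. The script below is an added example, not part of the sandbox report: it hashes a file and reports which of the report's digests it matches, and it scans DNS query log lines for the C2 domain (exact name or any subdomain, case-insensitive, trailing dot tolerated). The log line format and the log lines themselves are constructed for the example; only the hash values and the domain come from the report.

```python
"""IOC matcher for the indicators in this report (added example).

Hash values and the C2 domain are copied from the report; the DNS log
format and sample lines below are constructed for illustration.
"""
import hashlib
import re

# Digests of the sample as listed under General / Targets.
REPORT_HASHES = {
    "md5": "a8f365d40698122c123f575661761ac0",
    "sha1": "3c0d116d6388bf75ef29a89f4210ddbd0c08af8d",
    "sha256": "043625af5f827ca8a90e5e94306a4dc2c2936b5c3e5da634d5c6aa7ad8f5ec5a",
    "sha512": "4263b7478b1f71aa939a2832f251fdbfde5e0b560f22d074a528b85c11f95fc6"
              "888420590e14441845ae923cea449efeaeb2b2c90f2821f02875f40dfb66061d",
}
# C2 domain from the extracted bdaejec config.
C2_DOMAIN = "ddos.dnsnb8.net"


def hash_bytes(data: bytes) -> dict:
    """Return md5/sha1/sha256/sha512 hex digests of the given bytes."""
    return {name: hashlib.new(name, data).hexdigest()
            for name in ("md5", "sha1", "sha256", "sha512")}


def hash_file(path: str) -> dict:
    """Hash a file on disk in chunks so large samples do not need to fit in memory."""
    hashers = {name: hashlib.new(name) for name in ("md5", "sha1", "sha256", "sha512")}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def matches_report(hashes: dict) -> list:
    """Names of the algorithms whose digest equals the report's value.

    Comparison is case-insensitive so hashes pasted in upper case still match.
    """
    return [name for name, digest in hashes.items()
            if REPORT_HASHES.get(name, "").lower() == digest.lower()]


def is_c2_domain(qname: str) -> bool:
    """True for the C2 domain itself or any subdomain of it.

    'xddos.dnsnb8.net' and the parent 'dnsnb8.net' must not match, so the
    check is on whole labels, not a substring search.
    """
    qname = qname.rstrip(".").lower()
    return qname == C2_DOMAIN or qname.endswith("." + C2_DOMAIN)


# Constructed DNS query log; assumed format: "<timestamp> <client> query <qname> <qtype>".
SAMPLE_DNS_LOG = """\
2024-12-03T14:02:11Z 10.0.0.15 query www.example.com A
2024-12-03T14:02:14Z 10.0.0.15 query ddos.dnsnb8.net A
2024-12-03T14:02:15Z 10.0.0.22 query dnsnb8.net A
2024-12-03T14:02:19Z 10.0.0.15 query DDOS.DNSNB8.NET. A
2024-12-03T14:02:20Z 10.0.0.31 query xddos.dnsnb8.net A
"""

LOG_RE = re.compile(r"^(\S+)\s+(\S+)\s+query\s+(\S+)\s+(\S+)$")


def find_c2_queries(log_text: str) -> list:
    """Return (timestamp, client, qname) for every line that queries the C2 domain."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if m and is_c2_domain(m.group(3)):
            hits.append((m.group(1), m.group(2), m.group(3)))
    return hits


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        print("matching report hashes:", matches_report(hash_file(sys.argv[1])))
    for hit in find_c2_queries(SAMPLE_DNS_LOG):
        print("C2 query:", hit)
```

Run it with a file path to check a suspect binary against the report's hashes; without arguments it only scans the embedded log. A hit on any single digest is enough to confirm identity, but a miss on all four does not clear a file: a repacked or padded copy of the same backdoor will have entirely different digests, which is what the SSDEEP value in the report is for.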

Targets

    • Target

      043625af5f827ca8a90e5e94306a4dc2c2936b5c3e5da634d5c6aa7ad8f5ec5aN.exe

    • Size

      103KB

    • MD5

      a8f365d40698122c123f575661761ac0

    • SHA1

      3c0d116d6388bf75ef29a89f4210ddbd0c08af8d

    • SHA256

      043625af5f827ca8a90e5e94306a4dc2c2936b5c3e5da634d5c6aa7ad8f5ec5a

    • SHA512

      4263b7478b1f71aa939a2832f251fdbfde5e0b560f22d074a528b85c11f95fc6888420590e14441845ae923cea449efeaeb2b2c90f2821f02875f40dfb66061d

    • SSDEEP

      1536:ButZMKW/pJ4IOPkibTKzOUblUjYbgKbddYInG+cFfHYToWEGCq2iW7z:B2MLuSyMt79G+ufHYTo7GCH

    • Bdaejec

      Bdaejec is a backdoor written in C++.

    • Bdaejec family

    • Detects Bdaejec Backdoor.

      Bdaejec is a backdoor written in C++.

    • ASPack v2.12-2.42

      Detects executables packed with ASPack v2.12-2.42

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks