General

  • Target

    2024-12-03_e98ed2c6b266cedf1ae2c3696d75e7b5_smoke-loader_wapomi

  • Size

    102KB

  • Sample

    241203-pnw4ja1jhl

  • MD5

    e98ed2c6b266cedf1ae2c3696d75e7b5

  • SHA1

    7db1f51d0a188d972b396c705e5a48c771894c1a

  • SHA256

    71ccc15fd80fa65a81b0c8332efdbb76d00800aaa464f6c4a808085e8bc3c320

  • SHA512

    59237752c6cb4b2bf6d55bebb89c71e8cba14f3469cffa6aabdebc183c1b1c976b3164bacaa7c7a69fbb9c12dee2084c2f66500d2f476f3aadab828c27b967c7

  • SSDEEP

    3072:d/jHsRibJQFHXDT4dY6oNP7vx8lx3GCH:FRbuV4dYHNPbxqc

Malware Config

Extracted

Family

bdaejec

C2

ddos.dnsnb8.net

Targets

    • Target

      2024-12-03_e98ed2c6b266cedf1ae2c3696d75e7b5_smoke-loader_wapomi

    • Size

      102KB

    • MD5

      e98ed2c6b266cedf1ae2c3696d75e7b5

    • SHA1

      7db1f51d0a188d972b396c705e5a48c771894c1a

    • SHA256

      71ccc15fd80fa65a81b0c8332efdbb76d00800aaa464f6c4a808085e8bc3c320

    • SHA512

      59237752c6cb4b2bf6d55bebb89c71e8cba14f3469cffa6aabdebc183c1b1c976b3164bacaa7c7a69fbb9c12dee2084c2f66500d2f476f3aadab828c27b967c7

    • SSDEEP

      3072:d/jHsRibJQFHXDT4dY6oNP7vx8lx3GCH:FRbuV4dYHNPbxqc

    • Bdaejec

      Bdaejec is a backdoor written in C++.

    • Bdaejec family

    • Detects Bdaejec Backdoor.

      Bdaejec is backdoor written in C++.

    • ASPack v2.12-2.42

      Detects executables packed with ASPack v2.12-2.42

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks