General

  • Target

    2024-12-03_f30391b44be93301d9bcb89b09c18520_avoslocker_cobalt-strike_luca-stealer_wapomi

  • Size

    164KB

  • Sample

    241203-x9xaeswjfl

  • MD5

    f30391b44be93301d9bcb89b09c18520

  • SHA1

    373000c560d4d0781552053daca75b8d4c3a769f

  • SHA256

    b23266990e11675fb002bc3b3794b728feffbd2bc74ab5661e59f044d752a443

  • SHA512

    bb454b691d08aab525666f02719fa3ac8f9e839beb179614536438e3968669e00616f4c5fa3d8da67a38ed642bd1d00c7ddaf76ca093694d8c5cd530b2b9d26e

  • SSDEEP

    3072:h8nH9j2ziuvAaIBlCn24Rc4Yn0NJKckH2Fe7E29A/zdGt69heo4JLGCH:hyR2zi7ajvRcGLKZH2FaLw9hH4Jy

Malware Config

Extracted

Family

bdaejec

C2

ddos.dnsnb8.net

Targets

    • Bdaejec

      Bdaejec is a backdoor written in C++.

    • Bdaejec family

    • Detects Bdaejec Backdoor.

      Bdaejec is a backdoor written in C++.

    • ASPack v2.12-2.42

      Detects executables packed with ASPack v2.12-2.42

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofencing check.

    • Executes dropped EXE

    • Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks