Overview

overview

10

Static

static

3

DutchbotInject.exe

windows7-x64

10

DutchbotInject.exe

windows10-2004-x64

10

Dutchlove2.dll

windows7-x64

3

Dutchlove2.dll

windows10-2004-x64

3

Start.bat

windows7-x64

10

Start.bat

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Injector.rar

  • Size

    687KB

  • Sample

    241212-xn6lzatnfy

  • MD5

    babd9817e4ca46e8d18d3aa888f44f2f

  • SHA1

    d4de7955bc34d2987dbaff0bfc3c6ec48a37a3b1

  • SHA256

    dad7a866296451107ef612d5dbf3086b0c7b080d6bea2692675eef1754ebde9f

  • SHA512

    fe0f158ee5fa9288f622052d87555d22d1c4b3b769556eb00f630f2a7f0f00890dcacc1603d14a62909f60fb3425604fa32e8f50196e6b2f7a04e5ddc4d7b206

  • SSDEEP

    12288:WF1LPBKuyJwCTnqBb2HNpDIPhYlxsIkH80mwG4w1mA05jjA4vmQNIifx8bTLewvx:2FZKuyfnq+NpDIJ01kcPwGDm/jzNZ8bX

Score
10/10
bdaejecaspackv2backdoordiscoveryevasionexecution

Malware Config

Extracted

Family

bdaejec

C2

ddos.dnsnb8.net

Targets

    • Target

      DutchbotInject.exe

    • Size

      161KB

    • MD5

      6cb99c55f0d629d987a3e1cd838c251f

    • SHA1

      fc4fb10db33c0072ef2fda75f03ca24133b2ab86

    • SHA256

      bbddd9c524af0099a14653dc9fc4cbb1621f6eebe4fae7385e034884e45089a7

    • SHA512

      ae721c475450ff1d0a13d637e932bfdf5d05916527caa437897bc6897ee1523e21ce3ad87ab632d93e5c191afe26421fac364e5d918c368efcbf074d7e975ea6

    • SSDEEP

      1536:fRGCzQjSVxm+GCq2iW7zLNX5MdzNoBl4Lq:fRGWjPZGCHlX5kel4Lq

    Score
    10/10
    bdaejecaspackv2backdoordiscoveryevasionexecution

    • Bdaejec

      Bdaejec is a backdoor written in C++.

      backdoorbdaejec

    • Bdaejec family

      bdaejec

    • Detects Bdaejec Backdoor.

      Bdaejec is backdoor written in C++.

    • Stops running service(s)

      evasionexecution

    • ASPack v2.12-2.42

      Detects executables packed with ASPack v2.12-2.42

      aspackv2

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    behavioral1behavioral2

    • Target

      Dutchlove2.dll

    • Size

      1.6MB

    • MD5

      687932f2f49a6665e8fecaa522c7dfc2

    • SHA1

      029a0b9e8e10e83caad07202625fd0b4e53bdc87

    • SHA256

      5b25c651d62c0e0fcc143a409a8783c876522b3fe861d81e4d8338e22f630f1b

    • SHA512

      1ebbf0aa8f46b1a2fed7fefc1478efbbb8e242cab1fa3a336d94cf2f6e0f318d4958fca4c10a22dc239d6a226e8dd3cd95a4976f188f3ce098b7fd2834b24b68

    • SSDEEP

      24576:3gywMoo8X3jDtPNjHpx3Wn36nBgCQqsGZf3k82BK1tyFDG4OIKkM2N5xo:Qyw1RHjDtPjZm6BLQqHf3k8yLOI6

    Score
    3/10
    discovery
    behavioral3behavioral4

    • Target

      Start.bat

    • Size

      2KB

    • MD5

      6319006e2bfe88e5d7c643f6f44e25c8

    • SHA1

      3cc007c17d44a0d5292a4f397abe8990c19ed17e

    • SHA256

      b479648114f6ec339ff14483f813ef312d67fad1630a2c52f9b475717ee9f4c1

    • SHA512

      81ac3ca0fd198cb094156fb6f0d4b882d7ec676b201bf2b996fba095013d11c9de38de6c2442cca8f340aefc921db02e623502afa6f5038e3733337120b90fcd

    Score
    10/10
    bdaejecaspackv2backdoordiscoveryevasionexecution

    • Bdaejec

      Bdaejec is a backdoor written in C++.

      backdoorbdaejec

    • Bdaejec family

      bdaejec

    • Detects Bdaejec Backdoor.

      Bdaejec is backdoor written in C++.

    • Stops running service(s)

      evasionexecution

    • ASPack v2.12-2.42

      Detects executables packed with ASPack v2.12-2.42

      aspackv2

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    behavioral5behavioral6

MITRE ATT&CK Enterprise v15

Tasks