General
- Target: bcde813658e1946961068af064490609b46909cef02d5b28c063ce0ac6fc2bf8
- Size: 4.5MB
- Sample: 241219-vtgtpawnfw
- MD5: f37b4b151b4441f006600ba448c7e4a1
- SHA1: ca036eb66f234b27c6538890e8c28173c64ea84c
- SHA256: bcde813658e1946961068af064490609b46909cef02d5b28c063ce0ac6fc2bf8
- SHA512: 7d04ead32b31b27017b3f602c109c605de967336d273c36caa71e4baa187a86c27ddf457665b28ac265bc767be998945da60a1d12cf7e17a58e8674d8be8cf2b
- SSDEEP: 98304:1o/FuJjy6T7emnJvBm4LR5H9MYdtQPd28t/ZZzF+r+MtWkhBFh:1o/kZT7em/L+Yd6PdHt/ZZZ8BF
Behavioral task
- behavioral1
- Sample: bcde813658e1946961068af064490609b46909cef02d5b28c063ce0ac6fc2bf8.exe
- Resource: win7-20241023-en
Malware Config
- Extracted
- bdaejec
- ddos.dnsnb8.net
Targets
- Target: bcde813658e1946961068af064490609b46909cef02d5b28c063ce0ac6fc2bf8
- Bdaejec family
- Detects Bdaejec Backdoor.
  Bdaejec is a backdoor written in C++.
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up the country code configured in the registry, likely geofencing.
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of NtSetInformationThreadHideFromDebugger