General

  • Target

    6a82815962b65df6b1398b835c440045f1428a98e5722409e9d8fa579a109b6bN.exe

  • Size

    6.1MB

  • Sample

    241220-fp27ha1mhn

  • MD5

    6b5dab403abbdf2933b711a7c06850e0

  • SHA1

    2492667d1ddb24cba1d43afbeba9fe29ee6bafe9

  • SHA256

    6a82815962b65df6b1398b835c440045f1428a98e5722409e9d8fa579a109b6b

  • SHA512

    babc372e53b2d29c52a6b48a168f74e7d11eea89b7d952a3b7228afa60c9acab19f324a10169a57fa7d412f940fd91dd6acacb7546a426fa7b56250d6691116b

  • SSDEEP

    196608:s19+YadwOKGOiOe5BoXzsePpRjyO0sTd+kg7:s1AYsQGj5AzsgR04S

Malware Config

Extracted

Family

bdaejec

C2

ddos.dnsnb8.net

Targets

    • Target

      6a82815962b65df6b1398b835c440045f1428a98e5722409e9d8fa579a109b6bN.exe

    • Size

      6.1MB

    • MD5

      6b5dab403abbdf2933b711a7c06850e0

    • SHA1

      2492667d1ddb24cba1d43afbeba9fe29ee6bafe9

    • SHA256

      6a82815962b65df6b1398b835c440045f1428a98e5722409e9d8fa579a109b6b

    • SHA512

      babc372e53b2d29c52a6b48a168f74e7d11eea89b7d952a3b7228afa60c9acab19f324a10169a57fa7d412f940fd91dd6acacb7546a426fa7b56250d6691116b

    • SSDEEP

      196608:s19+YadwOKGOiOe5BoXzsePpRjyO0sTd+kg7:s1AYsQGj5AzsgR04S

    • Bdaejec

      Bdaejec is a backdoor written in C++.

    • Bdaejec family

    • Detects Bdaejec Backdoor.

      Bdaejec is a backdoor written in C++.

    • ASPack v2.12-2.42

      Detects executables packed with ASPack v2.12-2.42

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks