General
Target: 2024-12-21_33609278c7cd33b6efed808ae4e3fb1b_smoke-loader_wapomi
Size: 125KB
Sample: 241221-b2k2jayqbx
MD5: 33609278c7cd33b6efed808ae4e3fb1b
SHA1: b9fba63699612674274137d7cbb11db34a41e757
SHA256: 9c16f612a5032ac5df39d1daa0cfb2a09f9a2f9e8901d28aff4cf831af4aba58
SHA512: a99d7f1fd20c19fe5dea0062f39b16a7d39512e5e4a3c3af770ca509fb89588c9584902d44910e5355d135d68b1235d7ec94096a1d473b9b2016234db48859da
SSDEEP: 3072:w9Aj0BgAEhlpQUhp6qsSaPevRPxkFdJNlEkzyr5hGbGCH:wmpzpJLTv4lC
Static task: static1
Behavioral task: behavioral1
Sample: 2024-12-21_33609278c7cd33b6efed808ae4e3fb1b_smoke-loader_wapomi.exe
Resource: win7-20240903-en
Malware Config
Extracted:
  bdaejec
  ddos.dnsnb8.net
Targets
Target: 2024-12-21_33609278c7cd33b6efed808ae4e3fb1b_smoke-loader_wapomi
- Bdaejec family
- Detects Bdaejec Backdoor: Bdaejec is a backdoor written in C++.
- Detected Nirsoft tools: free utilities often used by attackers that can steal passwords, product keys, etc.
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL