General

  • Target

    2024-12-21_33609278c7cd33b6efed808ae4e3fb1b_smoke-loader_wapomi

  • Size

    125KB

  • Sample

    241221-b2k2jayqbx

  • MD5

    33609278c7cd33b6efed808ae4e3fb1b

  • SHA1

    b9fba63699612674274137d7cbb11db34a41e757

  • SHA256

    9c16f612a5032ac5df39d1daa0cfb2a09f9a2f9e8901d28aff4cf831af4aba58

  • SHA512

    a99d7f1fd20c19fe5dea0062f39b16a7d39512e5e4a3c3af770ca509fb89588c9584902d44910e5355d135d68b1235d7ec94096a1d473b9b2016234db48859da

  • SSDEEP

    3072:w9Aj0BgAEhlpQUhp6qsSaPevRPxkFdJNlEkzyr5hGbGCH:wmpzpJLTv4lC

Malware Config

Extracted

Family

bdaejec

C2

ddos.dnsnb8.net

Targets

    • Target

      2024-12-21_33609278c7cd33b6efed808ae4e3fb1b_smoke-loader_wapomi

    • Size

      125KB

    • MD5

      33609278c7cd33b6efed808ae4e3fb1b

    • SHA1

      b9fba63699612674274137d7cbb11db34a41e757

    • SHA256

      9c16f612a5032ac5df39d1daa0cfb2a09f9a2f9e8901d28aff4cf831af4aba58

    • SHA512

      a99d7f1fd20c19fe5dea0062f39b16a7d39512e5e4a3c3af770ca509fb89588c9584902d44910e5355d135d68b1235d7ec94096a1d473b9b2016234db48859da

    • SSDEEP

      3072:w9Aj0BgAEhlpQUhp6qsSaPevRPxkFdJNlEkzyr5hGbGCH:wmpzpJLTv4lC

    • Bdaejec

      Bdaejec is a backdoor written in C++.

    • Bdaejec family

    • Detects Bdaejec Backdoor.

      Bdaejec is backdoor written in C++.

    • Detected Nirsoft tools

      Free utilities often used by attackers which can steal passwords, product keys, etc.

    • ASPack v2.12-2.42

      Detects executables packed with ASPack v2.12-2.42

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks