General

  • Target

    2024-12-21_d8a1b98eb4800d6fcdedf96a8351d10b_smoke-loader_wapomi

  • Size

    25KB

  • Sample

    241221-b4a94szler

  • MD5

    d8a1b98eb4800d6fcdedf96a8351d10b

  • SHA1

    f80c1dd61d37ff8ed96f85d74f4343b484c02561

  • SHA256

    0e2a0c87ab0621379ca9e380c5b2ae600e60f008e48d9a8a8451fb930e474bf3

  • SHA512

    12b6df2748d04f8686cdfa4766d3c330e3c8c5dd400a696908ab896972e559602bb86b6febd529e95deca0c730956daa6d275eef4a63f2b698e7abf34268ac06

  • SSDEEP

    384:P2R2sNBczLSsXZQaD7U8iu4YsAa7ZA0UvH2lsRv21yW7GbAxur6+Y9PffPz:Pdic6MQGPL4vzZq2o9W7GsxBbPr

Malware Config

Extracted

Family

bdaejec

C2

ddos.dnsnb8.net

Targets

    • Bdaejec

      Bdaejec is a backdoor written in C++.

    • Bdaejec family

    • Detects Bdaejec Backdoor.

      Bdaejec is a backdoor written in C++.

    • ASPack v2.12-2.42

      Detects executables packed with ASPack v2.12-2.42

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks