General

  • Target

    2024-12-21_551cec2d2aa08175bc178c0663011727_poet-rat_smoke-loader_wapomi

  • Size

    986KB

  • Sample

    241221-byk75aypez

  • MD5

    551cec2d2aa08175bc178c0663011727

  • SHA1

    f6e9a5e596bcf2ce662c9c14886076675721ae53

  • SHA256

    028ac9853b443895a6bdbe8c82ca79fbda655610b584ea07a8095cc70cfeaf46

  • SHA512

    52bba16c85288550e83a62d32720d6e17d5a492f90965ec052d2ef897ab3477b4a8f8e9d1fb12386d3dda114ac09a554f1592a9134a56376a4824538885f0919

  • SSDEEP

    24576:k2X+Ag4UAG3/FTWRuUlCQO7ZPms5wBOTuS+ND2Bj4t1u5jFlPvnFzaiEIdMAH891:v+Ag4UAO/hWRuUlCQIZPj5wUTuS+ND27

Malware Config

Extracted

Family

bdaejec

C2

ddos.dnsnb8.net

Targets

    • Bdaejec

      Bdaejec is a backdoor written in C++.

    • Bdaejec family

    • Detects Bdaejec Backdoor.

      Bdaejec is a backdoor written in C++.

    • ASPack v2.12-2.42

      Detects executables packed with ASPack v2.12-2.42

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

MITRE ATT&CK Enterprise v15