General
Target: 2024-12-21_551cec2d2aa08175bc178c0663011727_poet-rat_smoke-loader_wapomi
Size: 986KB
Sample: 241221-byk75aypez
MD5: 551cec2d2aa08175bc178c0663011727
SHA1: f6e9a5e596bcf2ce662c9c14886076675721ae53
SHA256: 028ac9853b443895a6bdbe8c82ca79fbda655610b584ea07a8095cc70cfeaf46
SHA512: 52bba16c85288550e83a62d32720d6e17d5a492f90965ec052d2ef897ab3477b4a8f8e9d1fb12386d3dda114ac09a554f1592a9134a56376a4824538885f0919
SSDEEP: 24576:k2X+Ag4UAG3/FTWRuUlCQO7ZPms5wBOTuS+ND2Bj4t1u5jFlPvnFzaiEIdMAH891:v+Ag4UAO/hWRuUlCQIZPj5wUTuS+ND27
Static task: static1
Behavioral task: behavioral1
Sample: 2024-12-21_551cec2d2aa08175bc178c0663011727_poet-rat_smoke-loader_wapomi.exe
Resource: win7-20240903-en
Malware Config
Extracted
Family: bdaejec
Domain: ddos.dnsnb8.net
Targets
Target: 2024-12-21_551cec2d2aa08175bc178c0663011727_poet-rat_smoke-loader_wapomi
Bdaejec family
Detects Bdaejec Backdoor. Bdaejec is a backdoor written in C++.
Checks computer location settings
Looks up the country code configured in the registry, likely a geofence check.
Executes dropped EXE
Loads dropped DLL