General
-
Target
2024-12-21_3657f086f05ea36bc7c2ef7f8f8f733d_smoke-loader_wapomi
-
Size
89KB
-
Sample
241221-mtsbesykhk
-
MD5
3657f086f05ea36bc7c2ef7f8f8f733d
-
SHA1
f541467c8da2227f41f1333028702ded158b792b
-
SHA256
590ab8f8f4d88922a26412a1f7844d38cfed1119e76b0f2d67e23ad2e41456e6
-
SHA512
4bf66baa1aa9fb26a3d523f29c8735bdb51bd78d8c654a3e034dd2446856ec575763c363d5d13c8344e8dc8006198c394e132f11ef54a047c4b48ad9529f16ee
-
SSDEEP
1536:XcfPiE7uVvceOVIrTMtSduWQYp7WPcJmBzVkMo2S7NsKAGCq2iW7z:XkPiETwModuNI2c+VkMTS7Ns3GCH
Static task
static1
Behavioral task
behavioral1
Sample
2024-12-21_3657f086f05ea36bc7c2ef7f8f8f733d_smoke-loader_wapomi.exe
Resource
win7-20240708-en
Malware Config
Extracted
bdaejec
ddos.dnsnb8.net
Targets
-
Bdaejec family
-
Detects Bdaejec Backdoor.
Bdaejec is a backdoor written in C++.
-
Detected Nirsoft tools
Free utilities, often used by attackers, that can steal passwords, product keys, etc.
-
Checks computer location settings
Looks up the country code configured in the registry, likely used as a geofence check.
-
Executes dropped EXE
-
Loads dropped DLL
-