General

  • Target

    2024-12-21_3657f086f05ea36bc7c2ef7f8f8f733d_smoke-loader_wapomi

  • Size

    89KB

  • Sample

    241221-mtsbesykhk

  • MD5

    3657f086f05ea36bc7c2ef7f8f8f733d

  • SHA1

    f541467c8da2227f41f1333028702ded158b792b

  • SHA256

    590ab8f8f4d88922a26412a1f7844d38cfed1119e76b0f2d67e23ad2e41456e6

  • SHA512

    4bf66baa1aa9fb26a3d523f29c8735bdb51bd78d8c654a3e034dd2446856ec575763c363d5d13c8344e8dc8006198c394e132f11ef54a047c4b48ad9529f16ee

  • SSDEEP

    1536:XcfPiE7uVvceOVIrTMtSduWQYp7WPcJmBzVkMo2S7NsKAGCq2iW7z:XkPiETwModuNI2c+VkMTS7Ns3GCH

Malware Config

Extracted

Family

bdaejec

C2

ddos.dnsnb8.net
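The hashes in the General section and the extracted C2 host are the indicators a responder would sweep for. The following Python is an added example, not part of the sandbox report, that computes all four digests of a file in one pass, compares them against the report's values, and scans DNS query logs for the C2 domain. The DNS log lines are constructed for the example in a simple "timestamp client qname qtype" layout and are not from the report; the hash values are copied verbatim from the page.

```python
"""IOC sweep for the sample in this report: hash match plus C2 domain match."""
import hashlib

# Indicators copied from the report above.
IOC_HASHES = {
    "md5": "3657f086f05ea36bc7c2ef7f8f8f733d",
    "sha1": "f541467c8da2227f41f1333028702ded158b792b",
    "sha256": "590ab8f8f4d88922a26412a1f7844d38cfed1119e76b0f2d67e23ad2e41456e6",
    "sha512": (
        "4bf66baa1aa9fb26a3d523f29c8735bdb51bd78d8c654a3e034dd2446856ec57"
        "5763c363d5d13c8344e8dc8006198c394e132f11ef54a047c4b48ad9529f16ee"
    ),
}
C2_DOMAIN = "ddos.dnsnb8.net"


def hash_bytes(data: bytes) -> dict:
    """Digest an in-memory buffer with every algorithm the report lists."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in IOC_HASHES}


def hash_file(path: str, chunk: int = 1 << 20) -> dict:
    """Digest a file on disk in one pass, feeding all hashers per chunk."""
    hashers = {algo: hashlib.new(algo) for algo in IOC_HASHES}
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            for h in hashers.values():
                h.update(block)
    return {algo: h.hexdigest() for algo, h in hashers.items()}


def matching_algos(digests: dict) -> set:
    """Return the set of algorithms whose digest equals the report's IOC."""
    return {a for a, d in digests.items() if d.lower() == IOC_HASHES[a]}


def is_c2_domain(qname: str) -> bool:
    """Exact match on the C2 host; case and a trailing root dot are ignored.
    Deliberately does not match sibling hosts under dnsnb8.net, because the
    report only names this one host."""
    return qname.lower().rstrip(".") == C2_DOMAIN


# Constructed DNS log (not from the report): "timestamp client qname qtype".
SAMPLE_DNS_LOG = """\
2024-12-21T10:00:01Z 10.0.0.12 www.example.com A
2024-12-21T10:00:05Z 10.0.0.31 DDOS.DNSNB8.NET. A
2024-12-21T10:00:09Z 10.0.0.31 ddos.dnsnb8.net TXT
2024-12-21T10:00:12Z 10.0.0.12 notddos.dnsnb8.net A
"""


def scan_dns_log(text: str) -> list:
    """Return (timestamp, client, qname, qtype) for every query to the C2."""
    hits = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 4:
            continue  # skip blank or malformed lines rather than crash
        ts, client, qname, qtype = parts[:4]
        if is_c2_domain(qname):
            hits.append((ts, client, qname.lower().rstrip("."), qtype))
    return hits


if __name__ == "__main__":
    import sys
    for path in sys.argv[1:]:
        hit = matching_algos(hash_file(path))
        print(f"{path}: {'MATCH ' + ','.join(sorted(hit)) if hit else 'no match'}")
    for hit in scan_dns_log(SAMPLE_DNS_LOG):
        print("C2 lookup:", hit)
```

Hashing once per file with all four algorithms matters when sweeping large file shares; the SHA256 alone identifies the sample, but the MD5 and SHA1 are what older EDR or proxy logs usually carry.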

Targets

    • Target

      2024-12-21_3657f086f05ea36bc7c2ef7f8f8f733d_smoke-loader_wapomi

    • Size

      89KB

    • MD5

      3657f086f05ea36bc7c2ef7f8f8f733d

    • SHA1

      f541467c8da2227f41f1333028702ded158b792b

    • SHA256

      590ab8f8f4d88922a26412a1f7844d38cfed1119e76b0f2d67e23ad2e41456e6

    • SHA512

      4bf66baa1aa9fb26a3d523f29c8735bdb51bd78d8c654a3e034dd2446856ec575763c363d5d13c8344e8dc8006198c394e132f11ef54a047c4b48ad9529f16ee

    • SSDEEP

      1536:XcfPiE7uVvceOVIrTMtSduWQYp7WPcJmBzVkMo2S7NsKAGCq2iW7z:XkPiETwModuNI2c+VkMTS7Ns3GCH

    • Bdaejec

      Bdaejec is a backdoor written in C++.

    • Bdaejec family

    • Detects Bdaejec Backdoor.

      Bdaejec is a backdoor written in C++.

    • Detected Nirsoft tools

      Free NirSoft utilities that recover saved passwords, product keys, etc.; frequently abused by attackers for credential theft.

    • ASPack v2.12-2.42

      Detects executables packed with ASPack v2.12-2.42

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL
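The three behavioural signatures above (registry location lookup, execution of a dropped EXE, loading of a dropped DLL) are individually noisy; the geofence read in particular is performed by plenty of legitimate software. The following Python is an added example, not part of the report or the sandbox's own detection logic, showing how to reproduce these signatures over a process/registry event stream and how to correlate them so the location lookup is only flagged when the process doing it was itself dropped to disk. It assumes the lookup the signature refers to is a read of HKCU\Control Panel\International\Geo\Nation (or Geo\Name), and the event tuples are constructed for the example, not taken from the report.

```python
"""Replay the report's behavioural signatures over a constructed event stream."""
import re

# Assumption: the "computer location settings" signature fires on reads of the
# Geo\Nation (or Geo\Name) value under Control Panel\International.
GEO_KEY_RE = re.compile(
    r"\\Control Panel\\International\\Geo\\(Nation|Name)$", re.IGNORECASE
)

# Constructed events, not from the report: (pid, image, operation, target).
# Operations mirror what a Sysmon/Procmon-style feed would give you.
SAMPLE_EVENTS = [
    (1200, r"C:\Users\victim\Downloads\sample.exe", "FileCreate",
     r"C:\Users\victim\AppData\Local\Temp\svchost32.exe"),
    (1200, r"C:\Users\victim\Downloads\sample.exe", "FileCreate",
     r"C:\Users\victim\AppData\Local\Temp\helper.dll"),
    (1200, r"C:\Users\victim\Downloads\sample.exe", "ProcessCreate",
     r"C:\Users\victim\AppData\Local\Temp\svchost32.exe"),
    (1344, r"C:\Users\victim\AppData\Local\Temp\svchost32.exe", "ImageLoad",
     r"C:\Users\victim\AppData\Local\Temp\helper.dll"),
    (1344, r"C:\Users\victim\AppData\Local\Temp\svchost32.exe", "RegQueryValue",
     r"HKCU\Control Panel\International\Geo\Nation"),
    # Benign noise: explorer reads the same key; must not be correlated.
    (900, r"C:\Windows\explorer.exe", "RegQueryValue",
     r"HKCU\Control Panel\International\Geo\Nation"),
    (900, r"C:\Windows\explorer.exe", "ImageLoad",
     r"C:\Windows\System32\shell32.dll"),
]


def dropped_files(events) -> set:
    """Paths written to disk during the trace, normalised for comparison."""
    return {target.lower() for _, _, op, target in events if op == "FileCreate"}


def triage(events) -> list:
    """Emit (signature, pid, image, target) for each signature hit."""
    dropped = dropped_files(events)
    findings = []
    for pid, image, op, target in events:
        t = target.lower()
        if op == "ProcessCreate" and t in dropped:
            findings.append(("Executes dropped EXE", pid, image, target))
        elif op == "ImageLoad" and t in dropped:
            findings.append(("Loads dropped DLL", pid, image, target))
        elif op == "RegQueryValue" and GEO_KEY_RE.search(target):
            findings.append(("Checks computer location settings", pid, image, target))
    return findings


def geofence_by_dropped_binary(events) -> list:
    """Correlation step: keep the location lookup only when the reading
    process image was itself one of the dropped files."""
    dropped = dropped_files(events)
    return [
        f for f in triage(events)
        if f[0] == "Checks computer location settings" and f[2].lower() in dropped
    ]


if __name__ == "__main__":
    for finding in triage(SAMPLE_EVENTS):
        print(finding)
    print("high-confidence geofence:", geofence_by_dropped_binary(SAMPLE_EVENTS))
```

Run stand-alone it prints every signature hit and then the single correlated finding; the explorer.exe read of the same key is reported as a raw signature but dropped by the correlation, which is the filter you would carry into a detection rule.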

MITRE ATT&CK Enterprise v15

Tasks