bdaejec

General

Target

2024-12-26_372bccab8bba9047aaec867b16674bdb_smoke-loader_wapomi
Size

95KB
Sample

241226-cxs21svkft
MD5

372bccab8bba9047aaec867b16674bdb
SHA1

598ea7b7409791acb7e656c82bcd5a3df30ebd14
SHA256

d9751ebde56bac457c8f3136062497eae7e5cb9493368a353d9540adb63dea71
SHA512

bb5f7bf4bdfe2bac3658e295a035611194365c5b89e69defce724e87707d997d618139bb1d992d5eb160b11f7e2ef256d41f84a0fa21ad427b3bc82eca69588f
SSDEEP

1536:jmHsKgDuEaIY0TnYZXqp1jblhRMnnHqPP9kWKLVjhGTSR+GCq2iW7z:jmHsKgDDJbTnYZ+lhRKHqPfghMS0GCH

Score

10^/10

Malware Config

Extracted

Family

bdaejec

C2

ddos.dnsnb8.net

Targets

- Target
  
  2024-12-26_372bccab8bba9047aaec867b16674bdb_smoke-loader_wapomi
- Size
  
  95KB
- MD5
  
  372bccab8bba9047aaec867b16674bdb
- SHA1
  
  598ea7b7409791acb7e656c82bcd5a3df30ebd14
- SHA256
  
  d9751ebde56bac457c8f3136062497eae7e5cb9493368a353d9540adb63dea71
- SHA512
  
  bb5f7bf4bdfe2bac3658e295a035611194365c5b89e69defce724e87707d997d618139bb1d992d5eb160b11f7e2ef256d41f84a0fa21ad427b3bc82eca69588f
- SSDEEP
  
  1536:jmHsKgDuEaIY0TnYZXqp1jblhRMnnHqPP9kWKLVjhGTSR+GCq2iW7z:jmHsKgDDJbTnYZ+lhRKHqPfghMS0GCH
Score

10^/10

bdaejec aspackv2 backdoor discovery upx
- Bdaejec
  Bdaejec is a backdoor written in C++.
  backdoor bdaejec
- Bdaejec family
  bdaejec
- Detects Bdaejec Backdoor.
  Bdaejec is backdoor written in C++.
- Detected Nirsoft tools
  Free utilities often used by attackers which can steal passwords, product keys, etc.
- ASPack v2.12-2.42
  Detects executables packed with ASPack v2.12-2.42
  aspackv2
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

2

T1012

System Information Discovery

3

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Bdaejec family

Detects Bdaejec Backdoor.

Detected Nirsoft tools

ASPack v2.12-2.42

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

UPX packed file

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2