bdaejec

General

Target

39b09134c3593dbcc207e3440be7b081e16f8a7a69ffd8d6465bd82adcf87c54
Size

1.6MB
Sample

241227-yd923sylbt
MD5

858db74982d3db51f66648172e1dd8d2
SHA1

d6036c0c240f726f78d0e56e38fa489f8999c8d9
SHA256

39b09134c3593dbcc207e3440be7b081e16f8a7a69ffd8d6465bd82adcf87c54
SHA512

7aad3c1da74e95060a8c0b662b33581d8aa51eb38577d5f70fc2b900c9a576f3652941452ec2ed5f9c546c57fefa3f22cbcb2d9c44574e73f8e5e89556410c1c
SSDEEP

49152:K6YkLp3mT/w+HM4Xbe+29G83aRZlGBnJcSkj1h0nyJBvgS5yz8M:K6vLp3MHMe89FaB63sh19U8M

Score

10^/10

Malware Config

Extracted

Family

bdaejec

C2

ddos.dnsnb8.net

Targets

- Target
  
  39b09134c3593dbcc207e3440be7b081e16f8a7a69ffd8d6465bd82adcf87c54
- Size
  
  1.6MB
- MD5
  
  858db74982d3db51f66648172e1dd8d2
- SHA1
  
  d6036c0c240f726f78d0e56e38fa489f8999c8d9
- SHA256
  
  39b09134c3593dbcc207e3440be7b081e16f8a7a69ffd8d6465bd82adcf87c54
- SHA512
  
  7aad3c1da74e95060a8c0b662b33581d8aa51eb38577d5f70fc2b900c9a576f3652941452ec2ed5f9c546c57fefa3f22cbcb2d9c44574e73f8e5e89556410c1c
- SSDEEP
  
  49152:K6YkLp3mT/w+HM4Xbe+29G83aRZlGBnJcSkj1h0nyJBvgS5yz8M:K6vLp3MHMe89FaB63sh19U8M
Score

10^/10

bdaejec blackmoon aspackv2 backdoor banker discovery trojan
- Bdaejec
  Bdaejec is a backdoor written in C++.
  backdoor bdaejec
- Bdaejec family
  bdaejec
- Blackmoon family
  blackmoon
- Blackmoon, KrBanker
  Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
  trojan banker blackmoon
- Detect Blackmoon payload
- Detects Bdaejec Backdoor.
  Bdaejec is backdoor written in C++.
- ASPack v2.12-2.42
  Detects executables packed with ASPack v2.12-2.42
  aspackv2
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Bdaejec family

Blackmoon family

Blackmoon, KrBanker

Detect Blackmoon payload

Detects Bdaejec Backdoor.

ASPack v2.12-2.42

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2