Extracted

• • Target

    fe91fcc1ab305be503ae1bf465ac17888d126c408b0eca67f0410f028bb578a3

  • Size

    674KB

  • MD5

    0ae8192b33e2393dd31ea0b65620cd11

  • SHA1

    f2d0fce747e17e43563e67432e4abe299fd359bc

  • SHA256

    fe91fcc1ab305be503ae1bf465ac17888d126c408b0eca67f0410f028bb578a3

  • SHA512

    84a73412832a59fd4fd37adaa80ec700d1a074bff974176c2d2be0f4a5bb3ab617603e044206d7dd035e9784e3d9de16fce6eb318b4baefe0615c5dee26918ab

  • SSDEEP

    12288:zR9zRLKt2zRFZoBHGBhh087npjp1ZcYzF/2Q655JpSPavfSHIsZ5zEQ225oS:zR9zlKIzRvoBHGZnR+Yzt2Z55/HiHvfZ

  Score

  10^/10

  bdaejecblackmoonaspackv2backdoorbankerdiscoverytrojan

  • Bdaejec

    Bdaejec is a backdoor written in C++.

    backdoorbdaejec

  • Bdaejec family

    bdaejec

  • Blackmoon family

    blackmoon

  • Blackmoon, KrBanker

    Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.

    trojanbankerblackmoon

  • Detect Blackmoon payload

  • Detects Bdaejec Backdoor.

    Bdaejec is backdoor written in C++.

  • ASPack v2.12-2.42

    Detects executables packed with ASPack v2.12-2.42

    aspackv2

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  behavioral1behavioral2