bdaejec

General

Target

401b4ccfa4a58a4a9ae4b4153d98bb66f21835ad5ee1ebba35a37b2e191cce97
Size

4.7MB
Sample

250101-tbm3batneq
MD5

911ced39fce87ebbd6ccc95d20955034
SHA1

f4544c0cc3c14d1b9a1ae1aa67023e1aeb41e335
SHA256

401b4ccfa4a58a4a9ae4b4153d98bb66f21835ad5ee1ebba35a37b2e191cce97
SHA512

376658d08673e4f3866a83c270ece2a2fe8142cc7bf2279fb23a73f1f6a913a235721ad356158a7a7041e0ab655739dacdf8a04f7b476d916888c0b31793dcd1
SSDEEP

98304:EeCSukxBKtDpgEoOEdTJXdV4+cD1/Krjqgae0IC9pLKrCEAmKs:Ewtb0aHbXdO+81/ujqFe0I6ArCF

Score

10^/10

Malware Config

Extracted

Family

bdaejec

C2

ddos.dnsnb8.net

Targets

- Target
  
  401b4ccfa4a58a4a9ae4b4153d98bb66f21835ad5ee1ebba35a37b2e191cce97
- Size
  
  4.7MB
- MD5
  
  911ced39fce87ebbd6ccc95d20955034
- SHA1
  
  f4544c0cc3c14d1b9a1ae1aa67023e1aeb41e335
- SHA256
  
  401b4ccfa4a58a4a9ae4b4153d98bb66f21835ad5ee1ebba35a37b2e191cce97
- SHA512
  
  376658d08673e4f3866a83c270ece2a2fe8142cc7bf2279fb23a73f1f6a913a235721ad356158a7a7041e0ab655739dacdf8a04f7b476d916888c0b31793dcd1
- SSDEEP
  
  98304:EeCSukxBKtDpgEoOEdTJXdV4+cD1/Krjqgae0IC9pLKrCEAmKs:Ewtb0aHbXdO+81/ujqFe0I6ArCF
Score

10^/10

bdaejec blackmoon aspackv2 backdoor banker discovery trojan
- Bdaejec
  Bdaejec is a backdoor written in C++.
  backdoor bdaejec
- Bdaejec family
  bdaejec
- Blackmoon family
  blackmoon
- Blackmoon, KrBanker
  Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
  trojan banker blackmoon
- Detect Blackmoon payload
- Detects Bdaejec Backdoor.
  Bdaejec is backdoor written in C++.
- ASPack v2.12-2.42
  Detects executables packed with ASPack v2.12-2.42
  aspackv2
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Bdaejec family

Blackmoon family

Blackmoon, KrBanker

Detect Blackmoon payload

Detects Bdaejec Backdoor.

ASPack v2.12-2.42

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2