General

  • Target

    2025-01-09_adcc61dcc627a89a8d0c8d8600420842_smoke-loader_wapomi

  • Size

    728KB

  • Sample

    250109-txps2awpfj

  • MD5

    adcc61dcc627a89a8d0c8d8600420842

  • SHA1

    1bb66772cc3c291fc224e6aea06f4c779fc610db

  • SHA256

    af6af7b4f8b313d10ccd202dc924091a9e5db7c64f41d3296c6b22cb7a26e05e

  • SHA512

    970720e896b7d1f11ab9260f41c670d44d12cd1e50e3a47dd8a4babeef41997a45742b028190676b859f432d728c55b4d1c76d47f4e61a56f96cb1d9603a37e4

  • SSDEEP

    12288:AU+9H3900EJqrekLEyTYQcDL/TNuUCziP6VFGO5lrEaKYNtcBvAuvlee2NCFbLk5:AU+9XNrenyktDLdYNtcdvQNC9wHAP5cp

Malware Config

Extracted

Family

bdaejec

C2

ddos.dnsnb8.net

Targets

    • Bdaejec

      Bdaejec is a backdoor written in C++.

    • Bdaejec family

    • Detects Bdaejec Backdoor.

      Bdaejec is a backdoor written in C++.

    • ASPack v2.12-2.42

      Detects executables packed with ASPack v2.12-2.42

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks