bdaejec | 9a060c3a9aa0640fdb24d491255d96d1d82d8d5e1d2dc02aa12fcd427294017f | Triage

Submit
Reports

Overview

overview

Static

static

1

PUBGM Bp (1).rar

windows10-2004-x64

Sharing

General

Target

PUBGM Bp (1).rar
Size

26.4MB
Sample

250125-r3125symfj
MD5

5f4136d2bf8eb7a6f8efd36c7c82550f
SHA1

d0b8c5e3dee41720b77374ffd40ca0bf59d78c5c
SHA256

9a060c3a9aa0640fdb24d491255d96d1d82d8d5e1d2dc02aa12fcd427294017f
SHA512

38f20d5200dba5fad17956feba31cf309776137b65603ee5548394ec9821458848f4f17fe6ccfbbcc2761da538fcd85134e517b776a46a1c88f5709cbe2ec700
SSDEEP

393216:tET/VwQVNl3s04rygE/e9L7XvqHvtLxwWX2X/hkA+izXBWIedCd3YFfsEu8wvcfj:2Td13VUGWpDGvaA5vu8wv9/kEigjvw

Score

10^/10

bdaejec aspackv2 backdoor defense_evasion discovery themida

Static task

static1

Behavioral task

behavioral1

Sample

PUBGM Bp (1).rar

Resource

win10v2004-20241007-en

bdaejec aspackv2 backdoor defense_evasion discovery themida

windows10-2004-x64

21 signatures

150 seconds

Malware Config

Extracted

Family

bdaejec

C2

ddos.dnsnb8.net

Targets

- Target
  
  PUBGM Bp (1).rar
- Size
  
  26.4MB
- MD5
  
  5f4136d2bf8eb7a6f8efd36c7c82550f
- SHA1
  
  d0b8c5e3dee41720b77374ffd40ca0bf59d78c5c
- SHA256
  
  9a060c3a9aa0640fdb24d491255d96d1d82d8d5e1d2dc02aa12fcd427294017f
- SHA512
  
  38f20d5200dba5fad17956feba31cf309776137b65603ee5548394ec9821458848f4f17fe6ccfbbcc2761da538fcd85134e517b776a46a1c88f5709cbe2ec700
- SSDEEP
  
  393216:tET/VwQVNl3s04rygE/e9L7XvqHvtLxwWX2X/hkA+izXBWIedCd3YFfsEu8wvcfj:2Td13VUGWpDGvaA5vu8wv9/kEigjvw
Score

10^/10

bdaejec aspackv2 backdoor defense_evasion discovery themida
- Bdaejec
  Bdaejec is a backdoor written in C++.
  backdoor bdaejec
- Bdaejec family
  bdaejec
- Detects Bdaejec Backdoor.
  Bdaejec is backdoor written in C++.
- Downloads MZ/PE file
- ASPack v2.12-2.42
  Detects executables packed with ASPack v2.12-2.42
  aspackv2
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Drops desktop.ini file(s)
- Indicator Removal: File Deletion
  Adversaries may delete files left behind by the actions of their intrusion activity.
  defense_evasion
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Indicator Removal

File Deletion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bdaejecaspackv2backdoordefense_evasiondiscoverythemida

© 2018-2025

Terms | Privacy