Overview

overview

10

Static

static

3

Revision.1.14.exe

windows10-ltsc 2021-x64

10

Rev.pyc

windows10-ltsc 2021-x64

3

Resubmissions

26-01-2025 13:59

250126-rakvfstjas 10

26-01-2025 13:58

250126-q91jhssrgz 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Revision.1.14.exe

  • Size

    10.4MB

  • Sample

    250126-q91jhssrgz

  • MD5

    e25e39744775a8a636866cc7bc446640

  • SHA1

    9258197f2960a19f6412861fcdee2eb65ea33704

  • SHA256

    d28b5ac49d1df2d04f5c918c3584772efea9260ee514cf0062ea7936ffbc1195

  • SHA512

    b567e820813c78dc7a0864b557cdb8ff9846915fb1d2e6a3c3ddf031a77c4a2b376d6973b35b117ff97a00e690fed432bfbb236da526c824247ab331f6870c86

  • SSDEEP

    196608:WMz28dVl/fzCdDNU/9onJ5hrZEK3e9tGPqKM48RmU/qZlsPv4TbqM/xBfmxMoK5j:km9c5hlEK/PNMtNqZW43rDoK5BN

Score
10/10
bdaejecbackdoordefense_evasiondiscoveryexploitpersistencepyinstaller

Malware Config

Extracted

Family

bdaejec

C2

ddos.dnsnb8.net

Targets

    • Target

      Revision.1.14.exe

    • Size

      10.4MB

    • MD5

      e25e39744775a8a636866cc7bc446640

    • SHA1

      9258197f2960a19f6412861fcdee2eb65ea33704

    • SHA256

      d28b5ac49d1df2d04f5c918c3584772efea9260ee514cf0062ea7936ffbc1195

    • SHA512

      b567e820813c78dc7a0864b557cdb8ff9846915fb1d2e6a3c3ddf031a77c4a2b376d6973b35b117ff97a00e690fed432bfbb236da526c824247ab331f6870c86

    • SSDEEP

      196608:WMz28dVl/fzCdDNU/9onJ5hrZEK3e9tGPqKM48RmU/qZlsPv4TbqM/xBfmxMoK5j:km9c5hlEK/PNMtNqZW43rDoK5BN

    Score
    10/10
    bdaejecbackdoordefense_evasiondiscoveryexploitpersistence

    • Bdaejec

      Bdaejec is a backdoor written in C++.

      backdoorbdaejec

    • Bdaejec family

      bdaejec

    • Detects Bdaejec Backdoor.

      Bdaejec is backdoor written in C++.

    • Possible privilege escalation attempt

      exploit

    • Server Software Component: Terminal Services DLL

      persistence

    • Sets service image path in registry

      persistence

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies file permissions

      discovery

    • File and Directory Permissions Modification: Windows File and Directory Permissions Modification

      defense_evasion

    • Drops file in System32 directory

    behavioral1

    • Target

      Rev.pyc

    • Size

      18KB

    • MD5

      76d9c01240ab981ba9c691aa321c188c

    • SHA1

      bf44b3b9c394f21441e809d5e2306bd788a7985b

    • SHA256

      a976ffbec62b18c6e1eedf6b1e5a7f19377fb92d0bf47b2c7f4aa58e102c8c84

    • SHA512

      da44f9440b99ba2faf20c485adf18b65c3284d720dcc7ba75be743afc82219ed1ea699b1d9536ae63d20052e4342fcc264e17d426337a4ef8f644477f485c781

    • SSDEEP

      384:pwISn8q/G/CcyPZl+/ih+kLLPeEGPwt1herNtPenvo282+65IFQDg5hPXcn5C/pl:pwIc8q/G/FyPZl+/ihVLPeEGIt1hext3

    Score
    3/10
    behavioral2

MITRE ATT&CK Enterprise v15

Tasks