Extracted

• • Target

    aa9c3dcbf4e00edae59f37b83fe4a7fdea4b7eb761cb29f399dd7fcf6715c5c9

  • Size

    703KB

  • MD5

    83d476bdab5e677bea80fbb6174a880f

  • SHA1

    a8faa627105ed097eccb7753c10c8b1cbca82080

  • SHA256

    aa9c3dcbf4e00edae59f37b83fe4a7fdea4b7eb761cb29f399dd7fcf6715c5c9

  • SHA512

    3039f5db24cbcdd2906a79b2575dd9bd0c07b429e2da85fc80357f2301635803dd434ea43ae6c3dc025894fba67a0178136b0a59dfe32f5d9f9bc4fa629728db

  • SSDEEP

    12288:9tPiphBGuISSrb8ZsiLfW4HmoYySSekE6m5qnlmXxRxstxvX067hpvXOR68i7ylZ:9tPiphMpSS/0sMfH0teE6eqlJXX9XOMV

  Score

  10^/10

  bdaejecblackmoonaspackv2backdoorbankerdiscoverytrojan

  • Bdaejec

    Bdaejec is a backdoor written in C++.

    backdoorbdaejec

  • Bdaejec family

    bdaejec

  • Blackmoon family

    blackmoon

  • Blackmoon, KrBanker

    Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.

    trojanbankerblackmoon

  • Detect Blackmoon payload

  • Detects Bdaejec Backdoor.

    Bdaejec is backdoor written in C++.

  • ASPack v2.12-2.42

    Detects executables packed with ASPack v2.12-2.42

    aspackv2

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  behavioral1behavioral2