bdaejec

Sharing

Copy URL

Twitter E-mail

General

Target

Shoheis Adult Streaming Channel.zip
Size

9.7MB
Sample

250207-kqhlpsvqhs
MD5

f61289a26d0591d06bc997183d9aa3ad
SHA1

bca0f89100e063c94ad5199b611af279b414d11f
SHA256

dddd2be8f4d72ca2c070cc70cb07c8ef7a4f85f23e40eac46d44f8b7e4afe127
SHA512

c05f8be65066d1866d1474397892640534d4ff0e57c6814af9b55934e828012e416ce05578f68af7f0019e655573d6deedd9aa36a223277c69e540119596188b
SSDEEP

196608:Rk7G+7KSUSjMK8k4zz5LvgrDR6CrQeb3YNwIHF49rgCpvGWL/EJS8uw+:V+2cYK8k4zz58rYebmHF6NGScJS80

Score

10^/10

Malware Config

Extracted

Family

bdaejec

ddos.dnsnb8.net

Targets

- Target
  
  Shohei's Adult Streaming Channel/lib/windows-i686/Lib/ssl.pyo
- Size
  
  29KB
- MD5
  
  42d5cc5178588881d07de1471d746e5d
- SHA1
  
  881abd1ed21cfc71adef4fea21a4dc3745ac9aa0
- SHA256
  
  183322ed00bfea0cee121977e0948e6800de072e1ac3fe5f98b77e34845dc9b9
- SHA512
  
  417e9182e06ace147792d7c3125a9e3c315e2d94968f6cdbd68a7e468f90d356fe54228ba62ea0e5c0a0f8dae059f84ef2416f9cb2e29712f7940d0b7fed79e6
- SSDEEP
  
  768:NE3twv1gX6w7tYAx1aXxev9VYuGGbDIJ2tM:a3t+ut7tYAx1ahejsGbDIJaM
Score

3^/10

discovery
behavioral1 behavioral2
- Target
  
  Shohei's Adult Streaming Channel/lib/windows-i686/Lib/stat.pyo
- Size
  
  2KB
- MD5
  
  c7776e1e330cbfa36b3bc021bf1469d9
- SHA1
  
  cd16b1c4f05dbdc2bda94af11439983d33fd96e9
- SHA256
  
  77a0ae9cfcf265b006d37d63b85a7b84e404685b70ab2887bd15697f2a090f2b
- SHA512
  
  6893b7a0965840ac8ecaca8de9dda8362ceae80360b1d4c252b9dbd112b85ec12660a0511d66212e72ad5fd6188be0fbed4d8606e5c95713757a4f1a7fcbdee3
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  Shohei's Adult Streaming Channel/lib/windows-i686/Lib/types.pyo
- Size
  
  2KB
- MD5
  
  4b26c6079f581b5eb81aa32b767370b4
- SHA1
  
  fca21ba6734bd8b9c5eae499499b7249262809f8
- SHA256
  
  d970e3c7a86b38bb486d61515918ba8f520d43447c84e302e8fa376e73c4aba5
- SHA512
  
  3486e810859858c8c67374ea61bfbb81d689e9fc21235bd37f76a683a1ec68946a04a0b85ecc3c78406f75ef46c6dff733d2f3e63b7f59112d8d11570bff3f32
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  Shohei's Adult Streaming Channel/lib/windows-i686/Lib/unicodedata.pyd
- Size
  
  670KB
- MD5
  
  0f0deb93e54a9f1b88264f7a0361693b
- SHA1
  
  d4d743da19d8f68a9a53a742514cad18c474e9f4
- SHA256
  
  929397bbfb0e34dda5d18b6c4e5d271b4ee6a63a32e5f0c328a53b1c55a9590e
- SHA512
  
  d2d4d1372f3e8c5a06c46e722de89949ce7ccc5deeff1310c9124ed39674912b355d3b4bd2c0abe5e8c6a6e714bc5d11ee56bd969f5eb874d141e28d1795e72f
- SSDEEP
  
  12288:kP3T3AxoMPBt8FpQsVdFiI5mZMPXubUxktwd:o3LxM8XQsVdXSPAxLd
Score

3^/10

discovery
behavioral7 behavioral8
- Target
  
  Shohei's Adult Streaming Channel/lib/windows-i686/Lib/warnings.pyo
- Size
  
  11KB
- MD5
  
  52c5608eadc15e2bc9939bcea787647a
- SHA1
  
  d3d9a10514086632d0df6d8686ae1a41aa4c3acb
- SHA256
  
  37b7cd1b00ed0759d64a8299b863a447b0f1171323026b5f499afd9514c51ded
- SHA512
  
  9408797f5900922c66265adc7681e00ebc0a54b8982ef6ffd01cad9552929f5553af4affdced33a7bdfa016a405ffc689346bab0a423e12163e111b0a4afc148
- SSDEEP
  
  192:Ht1Y6PCfXSgsEbCz6pmiDAHQrI+WaLQawVHRPMP0aLtcprv3c+ay2a:3jNsmz6pmiwQrvQaoSfLKVv3cg
Score

3^/10

discovery
behavioral10 behavioral9
- Target
  
  Shohei's Adult Streaming Channel/lib/windows-i686/Lib/win32wnet.pyd
- Size
  
  24KB
- MD5
  
  6de0ace298bfe90b36a173e7547f7c6a
- SHA1
  
  871bbf9cd0c056b2aef11a0af83d07ee33ca46ca
- SHA256
  
  e5b51438204d762734625f3e03c571b3b90c2ecdc358af167bdbc6bea8a0d3e3
- SHA512
  
  60ad190f0ac1a4d6f7da164b59876d9f79e2e912d6f7aeea2cd545fbe9e9a82a10ef953a1cb3584173aac49e37338a1a3b0a7951a5912cc62d74b63476581b3b
- SSDEEP
  
  768:9RZ5g+l3KQZrpJI+LXOJqIsmANOtrD5OEhrV262R:9RZ5g+l3KQZrpfLXOJqIsmANOtvhrV2Z
Score

3^/10

discovery
behavioral11 behavioral12
- Target
  
  Shohei's Adult Streaming Channel/lib/windows-i686/SDL2.dll
- Size
  
  1.1MB
- MD5
  
  ce52bf34ba0d1d9bbd1212dc0d54e9fc
- SHA1
  
  0fc779ec0dc97bc3c1ed5e103f0be6fedd9f3f26
- SHA256
  
  eca3fcc5df102240c26af6f7232e5de57304ac85310b6bd82b3cb948127b22ea
- SHA512
  
  3f5412baf3a40edf60d7cd76125e9bbab7d7f216abfa6ff2edd8cdbe3bb3f6069f125b5ca88774acfccfd1d6960124492e87a0cd7682468fd66405bde34453d5
- SSDEEP
  
  24576:qg8H/0B7snTEwL1KoaSK/wU4uLjxLfr4HKFtmrajo5fG7EnXxB:4U2EwL1KopKzLlYraal
Score

3^/10

discovery
behavioral13 behavioral14
- Target
  
  Shohei's Adult Streaming Channel/lib/windows-i686/SDL2_image.dll
- Size
  
  220KB
- MD5
  
  4f7a56e3ca169c68c38f9efc97b697b0
- SHA1
  
  882032bf5f8d9bc9d46afc83c34ecc845c6819fc
- SHA256
  
  4e955fd27361d3f8a8b8ecdbf5bed7158967aa22ebfeb2e58449696f25fb2217
- SHA512
  
  3e7745ec4388c3c585d59c60adcc8fd466b4274dff5989d04893220d31caf0b946c7275aa8dccce5352e502d6dfff208f83d38660c27c6c81d529d09d1df3d04
- SSDEEP
  
  3072:pwqhrGPkM8QtNc45EO3cc262sQQ65ntw1QwY0:phrGP1jcOy62/eQwY0
Score

3^/10

discovery
behavioral15 behavioral16
- Target
  
  Shohei's Adult Streaming Channel/lib/windows-i686/SDL2_ttf.dll
- Size
  
  54KB
- MD5
  
  bb1772827d4a6265f8cdf50cb5e98073
- SHA1
  
  0204ff7a20525244312bf95a9082aaeac95ae49a
- SHA256
  
  2b3e62a85b22e223aa0a41d1b54b0a888210e4a8d9baed7410ec3fa3da3d3390
- SHA512
  
  11b01022701ad0f69a3dbc0240c843b9785cb2958c89d7c30045fedfd7c9296f03c50d431bbf692dad0bfff3e6e9fbc37724da8341f59ae03103e7133f951353
- SSDEEP
  
  768:xqQLYBOEhsuhoU8t1Q+knBzVqpfCxDnH9G8Nz0:xqvOEhsuqU87QZLqpfIDndGP
Score

3^/10

discovery
behavioral17 behavioral18
- Target
  
  Shohei's Adult Streaming Channel/lib/windows-i686/ShoheiAdultStreamingChannel.exe
- Size
  
  303KB
- MD5
  
  e84970f1a480d90cf3e603ef0299a59a
- SHA1
  
  6f97e84d09462f13075124954e2d163463b677c7
- SHA256
  
  a1074bd7f05a19c7e35ace72fb7543cdaf32cd85e565703b7d86d61662cfe1db
- SHA512
  
  2b5067cb1caf0cf65160a0450a3fcb2d2515e5dba93188d07272520bf439a905701a5410e32d379bb68881b1a2c878483af55a0cf7586bc4775b50a1feb7d7de
- SSDEEP
  
  6144:+tNGwuxKL6rqZ8Z6NtctRim5GpmfPqrC:EUqZ8M0i
Score

10^/10

bdaejec aspackv2 backdoor discovery
- Bdaejec
  Bdaejec is a backdoor written in C++.
  backdoor bdaejec
- Bdaejec family
  bdaejec
- Detects Bdaejec Backdoor.
  Bdaejec is backdoor written in C++.
- ASPack v2.12-2.42
  Detects executables packed with ASPack v2.12-2.42
  aspackv2
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral19 behavioral20
- Target
  
  Shohei's Adult Streaming Channel/lib/windows-i686/avcodec-57.dll
- Size
  
  3.0MB
- MD5
  
  91f1baec2aea3ffb40429057b8c486ab
- SHA1
  
  bf3e027e2ac9fd3983268e443d44f3fdcf954975
- SHA256
  
  ceddbf3f7a4b9f86110a76a03a478cdbd08f9a9ad2301253044c415051b1226d
- SHA512
  
  332a4bdfadb06625fa288cd2dfeb9d368723c60324ec0cdc80db334b086568a16583a5a628756ac3ed139d77fa965aaabfb973576f641d8fcbe8ac3cd856f8fd
- SSDEEP
  
  49152:uTyYAsu2QuVU2VkQyoHbtK0OBgZiiyl/pusCsVVLrXtgmeHYwy5:tsu2QKVkQyoHbtchnrmP
Score

3^/10

discovery
behavioral21 behavioral22
- Target
  
  Shohei's Adult Streaming Channel/lib/windows-i686/avformat-57.dll
- Size
  
  513KB
- MD5
  
  c41e3d1a8bbdb5809f00e341bca19ff2
- SHA1
  
  cdb36edacbb4903cd0a1baf134d6215805efca6b
- SHA256
  
  4ef1dc43fe5a99fbd165b6381889d6729d4c1b18eb1eafed15ecffc9596a99e2
- SHA512
  
  b8d0aa99184bdba29363b9419fe62777008affc6a23505373464eaa79bab8fda9824d129083de7c87ace481f12db71d00603b458a8c5b1df3761f7fbf8bb7ac3
- SSDEEP
  
  12288:SGFco2HHT8wc4yeIJVhX5WNV/m9TJ7NjMHJn+2+H8ZYc5iQXbT/ZHaEIRscuH:SGFco2nT8wc4yeIJbJO/UTJ7NjMHJ+2B
Score

3^/10

discovery
behavioral23 behavioral24
- Target
  
  Shohei's Adult Streaming Channel/lib/windows-i686/avutil-55.dll
- Size
  
  464KB
- MD5
  
  1c20722d736b9309924a863e09e9623b
- SHA1
  
  f63f547d331463628e8ff54acd352a89f2e085f2
- SHA256
  
  652fef361b11478277978571975412b14cb02c6e32346899cfc94a12473cad3d
- SHA512
  
  bf63f81b3ee3ccae332abf6a80e4d25235549391601cd90b6e36e12c40be766d7b36cd36b09ea3f0c7e54fcaf703d6f8fd8dcff0ff7f748d76debac27909aeb3
- SSDEEP
  
  12288:E9HtbhKurNMDiYHfBSyfwR7gcDCqi60t:E9HtbhKuyuYHfBSyf1AC3t
Score

3^/10

discovery
behavioral25 behavioral26
- Target
  
  Shohei's Adult Streaming Channel/lib/windows-i686/dxwebsetup.exe
- Size
  
  285KB
- MD5
  
  bcbb7c0cd9696068988953990ec5bd11
- SHA1
  
  3c8243734cf43dd7bb2332ba05b58ccacfa4377c
- SHA256
  
  34f64699d4830145cae69bd40115b1f326e70fc6a98456cb3df996d947dddca4
- SHA512
  
  551a2e3aa5fc7c0e79c3bd7c5333df5f1920ea83fe35b99adbbe865ea926fa772d72709bde2ea8f2685f4914cd96ff7b5b6f894f9b99f1120c2abe89c390a786
- SSDEEP
  
  6144:3WK8fc2liXmrLxcdRDLiH1vVRGVOhMp421/7YQ43:mcvgLARDI1KIOzOR3
Score

7^/10

discovery persistence
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral27 behavioral28
- Target
  
  Shohei's Adult Streaming Channel/lib/windows-i686/glew32.dll
- Size
  
  469KB
- MD5
  
  c9fc9430197c42121071eae2c9cd0235
- SHA1
  
  e8ddca90f151bdf3af0cc42152879b17dbf465e7
- SHA256
  
  292229693c1018260670ca5d6177b31bd0e0e695e6c964f43936312153e6a868
- SHA512
  
  e82b77a9506a40b0dbd4eff3f5d24c0d41259b4700cc5bf94a9cb6a3b054d8f7598bb44cae77f9c1b9dbfdbb92bdc003c5893bd6e2af7af683725b74386dd8c9
- SSDEEP
  
  12288:2TuEflvaBdzAN38uUexEKfmUlzEAcQlLTr9:2TuEflvaBdzAN38uUexEemONLn9
Score

3^/10

discovery
behavioral29 behavioral30
- Target
  
  Shohei's Adult Streaming Channel/lib/windows-i686/libEGL.dll
- Size
  
  117KB
- MD5
  
  2c7ae2528b67682a08cfc4b2c6e55930
- SHA1
  
  82ea09a0d626f89301c9b296b7ef46ca34551b70
- SHA256
  
  5250e9c2cb7bede7722a6717f80e75dc91b177e830d77162d68f7cde51b18d32
- SHA512
  
  9ff35d77d2368874998bd0d6448c2053228937dc1eeae42924c4b0a679cd8c38d6797d077687b7d39fcc884d568ea5b7f550fbfd25d69b8f394e97fe1dd3df6b
- SSDEEP
  
  3072:WEfN9UYe0spM00oyjQZqn9lMcjK3GIxdy:VPhe0oyjt9lMcjKWC
Score

3^/10

discovery
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Bdaejec family

Detects Bdaejec Backdoor.

ASPack v2.12-2.42

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

Executes dropped EXE

Loads dropped DLL

Adds Run key to start application

Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32