bdaejec | b18f0050d1e5a773538ec5299c4e55f9e396ddddec8b4dc17cc3726812bf6fdb | Triage

Sharing

General

Target

2025-02-16_c9346b06362dc6cf5d4f246894fc8c37_smoke-loader_wapomi
Size

152KB
Sample

250216-b5s7bawkfz
MD5

c9346b06362dc6cf5d4f246894fc8c37
SHA1

8c3039ce3a1fd658a4d16ad3f9ece26c855e7783
SHA256

b18f0050d1e5a773538ec5299c4e55f9e396ddddec8b4dc17cc3726812bf6fdb
SHA512

f23538449f98aeca2b6c7c5dea5c5b22a28e217c0f7fa308b59429b5b5d18bebf86215c3a76bc81dbae4bd5fb9bbd9c2abd7ea59fba2f138542c8de0a7625604
SSDEEP

1536:Ekwph3LEMqIskuzEDxqy7N+Uv3UC0rr91yre5r6h9bt7Ec9Eccdk1yq+Me61BW+F:yNqTV8e5r8t7nXAq+MJLWFXz3uGCH

Score

10^/10

bdaejec aspackv2 backdoor defense_evasion discovery persistence privilege_escalation

Malware Config

Extracted

Family

bdaejec

C2

ddos.dnsnb8.net

Targets

- Target
  
  2025-02-16_c9346b06362dc6cf5d4f246894fc8c37_smoke-loader_wapomi
- Size
  
  152KB
- MD5
  
  c9346b06362dc6cf5d4f246894fc8c37
- SHA1
  
  8c3039ce3a1fd658a4d16ad3f9ece26c855e7783
- SHA256
  
  b18f0050d1e5a773538ec5299c4e55f9e396ddddec8b4dc17cc3726812bf6fdb
- SHA512
  
  f23538449f98aeca2b6c7c5dea5c5b22a28e217c0f7fa308b59429b5b5d18bebf86215c3a76bc81dbae4bd5fb9bbd9c2abd7ea59fba2f138542c8de0a7625604
- SSDEEP
  
  1536:Ekwph3LEMqIskuzEDxqy7N+Uv3UC0rr91yre5r6h9bt7Ec9Eccdk1yq+Me61BW+F:yNqTV8e5r8t7nXAq+MJLWFXz3uGCH
Score

10^/10

bdaejec aspackv2 backdoor defense_evasion discovery persistence privilege_escalation
- Bdaejec
  Bdaejec is a backdoor written in C++.
  backdoor bdaejec
- Bdaejec family
  bdaejec
- Detects Bdaejec Backdoor.
  Bdaejec is backdoor written in C++.
- Downloads MZ/PE file
- Modifies Windows Firewall
  defense_evasion
- ASPack v2.12-2.42
  Detects executables packed with ASPack v2.12-2.42
  aspackv2
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bdaejecaspackv2backdoordefense_evasiondiscoverypersistenceprivilege_escalation

behavioral2

bdaejecaspackv2backdoordefense_evasiondiscoverypersistenceprivilege_escalation