bdaejec | aa5ef81a2ec81b4e1d512cf6621b766b7fe8e0cb916c6108f21bd8f981a6eb09 | Triage

Submit
Reports

Overview

overview

Static

static

3

aa5ef81a2e...09.exe

windows7-x64

aa5ef81a2e...09.exe

windows10-2004-x64

Sharing

General

Target

aa5ef81a2ec81b4e1d512cf6621b766b7fe8e0cb916c6108f21bd8f981a6eb09.exe
Size

538KB
Sample

250217-dpc69sxrcr
MD5

77ef656a84d30c446b7090e522d19dc1
SHA1

b8f715df15ec1df3d5521d29fe5b7f3118db0674
SHA256

aa5ef81a2ec81b4e1d512cf6621b766b7fe8e0cb916c6108f21bd8f981a6eb09
SHA512

d39fb9420806760be3480c9a4b8b3629eb1415c22e0026836ab5ad0f0e688b2050162e447c09e9f2fd8615ac30d274cc7f02c1e0aa34ce98ad2e69029dcc7e77
SSDEEP

12288:xrMIztyCK5x8CBmn+RrNbEyWYa0Ie1vUxjVQ:HZyCA8CBmn+RrNj9ay5GQ

Score

10^/10

bdaejec aspackv2 backdoor discovery

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

aa5ef81a2ec81b4e1d512cf6621b766b7fe8e0cb916c6108f21bd8f981a6eb09.exe

Resource

win7-20240903-en

bdaejec aspackv2 backdoor discovery

windows7-x64

11 signatures

120 seconds

Behavioral task

behavioral2

Sample

aa5ef81a2ec81b4e1d512cf6621b766b7fe8e0cb916c6108f21bd8f981a6eb09.exe

Resource

win10v2004-20250211-en

bdaejec aspackv2 backdoor discovery

windows10-2004-x64

13 signatures

120 seconds

Malware Config

Extracted

Family

bdaejec

C2

ddos.dnsnb8.net

Targets

- Target
  
  aa5ef81a2ec81b4e1d512cf6621b766b7fe8e0cb916c6108f21bd8f981a6eb09.exe
- Size
  
  538KB
- MD5
  
  77ef656a84d30c446b7090e522d19dc1
- SHA1
  
  b8f715df15ec1df3d5521d29fe5b7f3118db0674
- SHA256
  
  aa5ef81a2ec81b4e1d512cf6621b766b7fe8e0cb916c6108f21bd8f981a6eb09
- SHA512
  
  d39fb9420806760be3480c9a4b8b3629eb1415c22e0026836ab5ad0f0e688b2050162e447c09e9f2fd8615ac30d274cc7f02c1e0aa34ce98ad2e69029dcc7e77
- SSDEEP
  
  12288:xrMIztyCK5x8CBmn+RrNbEyWYa0Ie1vUxjVQ:HZyCA8CBmn+RrNj9ay5GQ
Score

10^/10

bdaejec aspackv2 backdoor discovery
- Bdaejec
  Bdaejec is a backdoor written in C++.
  backdoor bdaejec
- Bdaejec family
  bdaejec
- Detects Bdaejec Backdoor.
  Bdaejec is backdoor written in C++.
- Downloads MZ/PE file
- ASPack v2.12-2.42
  Detects executables packed with ASPack v2.12-2.42
  aspackv2
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bdaejecaspackv2backdoordiscovery

behavioral2

bdaejecaspackv2backdoordiscovery

© 2018-2025

Terms | Privacy