bdaejec | 17868087c32d9352d79b07c1b1c6a0fdc7925d02b72c0fa2f45706cef26a1ee9 | Triage

Submit
Reports

Overview

overview

Static

static

3

2025-02-23...mi.exe

windows7-x64

2025-02-23...mi.exe

windows10-2004-x64

Sharing

General

Target

2025-02-23_bb9832dba928c04e45429e8f641034c6_icedid_smoke-loader_wapomi
Size

1.6MB
Sample

250223-zbph2avqc1
MD5

bb9832dba928c04e45429e8f641034c6
SHA1

3502d220e47c1eaabd7f489111ebb063305f06a8
SHA256

17868087c32d9352d79b07c1b1c6a0fdc7925d02b72c0fa2f45706cef26a1ee9
SHA512

2fbdf703d2f5235ada65bb0b35144ad5290261f490baac418943ecda1c43c5b083b558fe1a423a692b57c810b8cfa6dad14e50ad545e7d4c7b809132a84e85c2
SSDEEP

24576:mMp+uOXsCkPVqqAGyyw7Yhma1c4m6pcoagAJHNvay:aVXkWDyWYhmaZaSs

Score

10^/10

bdaejec aspackv2 backdoor discovery

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

2025-02-23_bb9832dba928c04e45429e8f641034c6_icedid_smoke-loader_wapomi.exe

Resource

win7-20240903-en

bdaejec aspackv2 backdoor discovery

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

2025-02-23_bb9832dba928c04e45429e8f641034c6_icedid_smoke-loader_wapomi.exe

Resource

win10v2004-20250217-en

bdaejec aspackv2 backdoor discovery

windows10-2004-x64

17 signatures

150 seconds

Malware Config

Extracted

Family

bdaejec

C2

ddos.dnsnb8.net

Targets

- Target
  
  2025-02-23_bb9832dba928c04e45429e8f641034c6_icedid_smoke-loader_wapomi
- Size
  
  1.6MB
- MD5
  
  bb9832dba928c04e45429e8f641034c6
- SHA1
  
  3502d220e47c1eaabd7f489111ebb063305f06a8
- SHA256
  
  17868087c32d9352d79b07c1b1c6a0fdc7925d02b72c0fa2f45706cef26a1ee9
- SHA512
  
  2fbdf703d2f5235ada65bb0b35144ad5290261f490baac418943ecda1c43c5b083b558fe1a423a692b57c810b8cfa6dad14e50ad545e7d4c7b809132a84e85c2
- SSDEEP
  
  24576:mMp+uOXsCkPVqqAGyyw7Yhma1c4m6pcoagAJHNvay:aVXkWDyWYhmaZaSs
Score

10^/10

bdaejec aspackv2 backdoor discovery
- Bdaejec
  Bdaejec is a backdoor written in C++.
  backdoor bdaejec
- Bdaejec family
  bdaejec
- Detects Bdaejec Backdoor.
  Bdaejec is backdoor written in C++.
- ASPack v2.12-2.42
  Detects executables packed with ASPack v2.12-2.42
  aspackv2
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bdaejecaspackv2backdoordiscovery

behavioral2

bdaejecaspackv2backdoordiscovery

© 2018-2025

Terms | Privacy