bdaejec

General

Target

2025-02-27_ec643f235368690114c4133a77689f0a_smoke-loader_wapomi
Size

210KB
Sample

250227-c6a8kaspw4
MD5

ec643f235368690114c4133a77689f0a
SHA1

e0677ceb0095e89520f82371eceee090a37c41d1
SHA256

bec4376ec5e5e76bf7a11170951dba67c39b665629cd47d1c7fdf33a24f2f7b0
SHA512

707ac1b126586cd8261d0e3fc81d33bfb43d9e0dfdb188fdea45d2c58cb9919f316e23645f755512b8ab25ecc1fdd41e48e4552986f481124232f2b48699ed3e
SSDEEP

3072:NR3YT8Nafa2MnXXE1CVgewi8DrH2JR1jyBNMy5BIVOCwHhlPGCH:7pa/MXU1CgoErWVjmjWJaho

Score

10^/10

Malware Config

Extracted

Family

bdaejec

C2

ddos.dnsnb8.net

Extracted

Family

netwire

C2

uploadp2p.publicvm.com:4000

Attributes

activex_autorun
false
copy_executable
true
delete_original
false
host_id
Corona-%Rand%
install_path
%AppData%\Install\hostvs.exe
keylogger_dir
%AppData%\Logs\
lock_executable
false
mutex
wBEKeAsQ
offline_keylogger
true
password
Password
registry_autorun
false
use_mutex
true

Targets

- Target
  
  2025-02-27_ec643f235368690114c4133a77689f0a_smoke-loader_wapomi
- Size
  
  210KB
- MD5
  
  ec643f235368690114c4133a77689f0a
- SHA1
  
  e0677ceb0095e89520f82371eceee090a37c41d1
- SHA256
  
  bec4376ec5e5e76bf7a11170951dba67c39b665629cd47d1c7fdf33a24f2f7b0
- SHA512
  
  707ac1b126586cd8261d0e3fc81d33bfb43d9e0dfdb188fdea45d2c58cb9919f316e23645f755512b8ab25ecc1fdd41e48e4552986f481124232f2b48699ed3e
- SSDEEP
  
  3072:NR3YT8Nafa2MnXXE1CVgewi8DrH2JR1jyBNMy5BIVOCwHhlPGCH:7pa/MXU1CgoErWVjmjWJaho
Score

10^/10

bdaejec netwire aspackv2 backdoor botnet discovery rat stealer
- Bdaejec
  Bdaejec is a backdoor written in C++.
  backdoor bdaejec
- Bdaejec family
  bdaejec
- Detects Bdaejec Backdoor.
  Bdaejec is backdoor written in C++.
- NetWire RAT payload
  rat
- Netwire
  Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.
  botnet stealer netwire
- Netwire family
  netwire
- ASPack v2.12-2.42
  Detects executables packed with ASPack v2.12-2.42
  aspackv2
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Bdaejec family

Detects Bdaejec Backdoor.

NetWire RAT payload

Netwire

Netwire family

ASPack v2.12-2.42

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2