bdaejec

General

Target

2025-03-21_b11e44d25b66635ce1652c10f2507983_floxif_smoke-loader
Size

135KB
Sample

250321-a6vwvsvm17
MD5

b11e44d25b66635ce1652c10f2507983
SHA1

2018d2b921b2e9caebe49b7542ea568ff4a94f2a
SHA256

167c4538f23a498e6521aed45d4135c75dd33c92e04df20ce54d6f99c489f03c
SHA512

dd98fb6d5514a7266caa69a4b900f29fd0682c909384b53a5d68ca19e22a9852ee9dd63707cc9832a776e9bace3749952ca3d13182a0b6814ffa39d6bc7141b1
SSDEEP

3072:w7qXriW5/KNbwJFNvgDUGOh2lQBV+UdE+rECWp7hKvEPya:w+rvRK79O1BV+UdvrEFp7hKsPya

Score

10^/10

Malware Config

Extracted

Family

bdaejec

C2

ddos.dnsnb8.net

Targets

- Target
  
  2025-03-21_b11e44d25b66635ce1652c10f2507983_floxif_smoke-loader
- Size
  
  135KB
- MD5
  
  b11e44d25b66635ce1652c10f2507983
- SHA1
  
  2018d2b921b2e9caebe49b7542ea568ff4a94f2a
- SHA256
  
  167c4538f23a498e6521aed45d4135c75dd33c92e04df20ce54d6f99c489f03c
- SHA512
  
  dd98fb6d5514a7266caa69a4b900f29fd0682c909384b53a5d68ca19e22a9852ee9dd63707cc9832a776e9bace3749952ca3d13182a0b6814ffa39d6bc7141b1
- SSDEEP
  
  3072:w7qXriW5/KNbwJFNvgDUGOh2lQBV+UdE+rECWp7hKvEPya:w+rvRK79O1BV+UdvrEFp7hKsPya
Score

10^/10

bdaejec floxif aspackv2 backdoor discovery trojan upx
- Bdaejec
  Bdaejec is a backdoor written in C++.
  backdoor bdaejec
- Bdaejec family
  bdaejec
- Detects Bdaejec Backdoor.
  Bdaejec is backdoor written in C++.
- Floxif family
  floxif
- Floxif, Floodfix
  Floxif aka FloodFix is a file-changing trojan and backdoor written in C++.
  backdoor trojan floxif
- Detected Nirsoft tools
  Free utilities often used by attackers which can steal passwords, product keys, etc.
- Detects Floxif payload
  backdoor
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- ASPack v2.12-2.42
  Detects executables packed with ASPack v2.12-2.42
  aspackv2
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

3

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Bdaejec family

Detects Bdaejec Backdoor.

Floxif family

Floxif, Floodfix

Detected Nirsoft tools

Detects Floxif payload

ACProtect 1.3x - 1.4x DLL software

ASPack v2.12-2.42

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

Enumerates connected drives

UPX packed file

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2