Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

7

a8152e7f61...52.exe

windows7-x64

10

a8152e7f61...52.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    a8152e7f6178172a8c3885efa454d9dc1d25e991ba97dfcc3157ebf6c6d73152

  • Size

    8.0MB

  • Sample

    250321-q51zgszvds

  • MD5

    a1f4e95485dc0527ee706576c642f833

  • SHA1

    ca4d5f50546dc9768e5ace9cad40c29d0ba9f48f

  • SHA256

    a8152e7f6178172a8c3885efa454d9dc1d25e991ba97dfcc3157ebf6c6d73152

  • SHA512

    d657aa78be82b31da55f979ccdecb06e3a5b1fa9d7002cc0b2ddc0789928313c60c48da81c58ada6ac2679a51ce841710baaba35d781eba2c33e5d5107fcaf73

  • SSDEEP

    196608:beCFX5VemdnwSzWTQ4LOxRdLYDuvZ3Pewli:bFl5P4LO3t2W3pl

Score
10/10
bdaejecaspackv2backdoordefense_evasiondiscoverythemidatrojan

Malware Config

Extracted

Family

bdaejec

C2

ddos.dnsnb8.net

Targets

    • Target

      a8152e7f6178172a8c3885efa454d9dc1d25e991ba97dfcc3157ebf6c6d73152

    • Size

      8.0MB

    • MD5

      a1f4e95485dc0527ee706576c642f833

    • SHA1

      ca4d5f50546dc9768e5ace9cad40c29d0ba9f48f

    • SHA256

      a8152e7f6178172a8c3885efa454d9dc1d25e991ba97dfcc3157ebf6c6d73152

    • SHA512

      d657aa78be82b31da55f979ccdecb06e3a5b1fa9d7002cc0b2ddc0789928313c60c48da81c58ada6ac2679a51ce841710baaba35d781eba2c33e5d5107fcaf73

    • SSDEEP

      196608:beCFX5VemdnwSzWTQ4LOxRdLYDuvZ3Pewli:bFl5P4LO3t2W3pl

    Score
    10/10
    bdaejecaspackv2backdoordefense_evasiondiscoverythemidatrojan

    • Bdaejec

      Bdaejec is a backdoor written in C++.

      backdoorbdaejec

    • Bdaejec family

      bdaejec

    • Detects Bdaejec Backdoor.

      Bdaejec is backdoor written in C++.

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      defense_evasion

    • ASPack v2.12-2.42

      Detects executables packed with ASPack v2.12-2.42

      aspackv2

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

      themida

    • Checks whether UAC is enabled

      defense_evasiontrojan

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks