bdaejec | cbeb44540789ac8bf65368f68d9be851805fee65199d0c074a1171839b98ff12 | Triage

Submit
Reports

Overview

overview

Static

static

3

Gorilla.exe

windows10-ltsc_2021-x64

Sharing

General

Target

Gorilla.exe
Size

2.6MB
Sample

250408-vgy77swybz
MD5

b56d8e516dd406491e273cf22781f324
SHA1

3640b9ea9de0dfd688901d9aeb3628a344f749ab
SHA256

cbeb44540789ac8bf65368f68d9be851805fee65199d0c074a1171839b98ff12
SHA512

a662c1f33adcede7ce9197d1bffbceb4db75fa0abf47c0b4eddc4c1cf98c0328370121ae3f272c6d46df80a7854eb31edd1755ec6f5f7f031065af516c5a11f3
SSDEEP

49152:m1626Xz60rVn6QtNrDqCN03t3JPjd6idqkOkoLbr7Lbr7Lbr7LbriyCSiyCSiyC9:5j6WVn64BDqUKVZ6idqktn/

Score

10^/10

bdaejec aspackv2 backdoor discovery spyware stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

Gorilla.exe

Resource

win10ltsc2021-20250314-en

bdaejec aspackv2 backdoor discovery spyware stealer

windows10-ltsc_2021-x64

31 signatures

900 seconds

Malware Config

Extracted

Family

bdaejec

C2

ddos.dnsnb8.net

Targets

- Target
  
  Gorilla.exe
- Size
  
  2.6MB
- MD5
  
  b56d8e516dd406491e273cf22781f324
- SHA1
  
  3640b9ea9de0dfd688901d9aeb3628a344f749ab
- SHA256
  
  cbeb44540789ac8bf65368f68d9be851805fee65199d0c074a1171839b98ff12
- SHA512
  
  a662c1f33adcede7ce9197d1bffbceb4db75fa0abf47c0b4eddc4c1cf98c0328370121ae3f272c6d46df80a7854eb31edd1755ec6f5f7f031065af516c5a11f3
- SSDEEP
  
  49152:m1626Xz60rVn6QtNrDqCN03t3JPjd6idqkOkoLbr7Lbr7Lbr7LbriyCSiyCSiyC9:5j6WVn64BDqUKVZ6idqktn/
Score

10^/10

bdaejec aspackv2 backdoor discovery spyware stealer
- Bdaejec
  Bdaejec is a backdoor written in C++.
  backdoor bdaejec
- Bdaejec family
  bdaejec
- Detects Bdaejec Backdoor.
  Bdaejec is backdoor written in C++.
- Downloads MZ/PE file
- ASPack v2.12-2.42
  Detects executables packed with ASPack v2.12-2.42
  aspackv2
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Legitimate hosting services abused for malware hosting/C2
- Checks system information in the registry
  System information is often read in order to detect sandboxing environments.
behavioral1

MITRE ATT&CK Enterprise v16

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

Browser Information Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

bdaejecaspackv2backdoordiscoveryspywarestealer

© 2018-2025

Terms | Privacy