Overview

overview

10

Static

static

10

13140000.exe

windows7_x64

10

13140000.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    13140000.exe

  • Size

    10.3MB

  • Sample

    220519-ya7gsabbh2

  • MD5

    80b58f43feb6e5b04250961c86e9e891

  • SHA1

    bcd22b9e345da4d845b61c20aa429d713a307354

  • SHA256

    0a4e59d0906316f0476dd5463ae6b93bb4a98211ff119f267b7320f13960bd47

  • SHA512

    8536f888d70638ef5ae94b8d8e7e78b5a0c92a122d9a13563a4467602283f0d17f777acc385f820c15ceca755d3ed769b17ed82df80ea84d479c3cf9e1b1dffe

Score
10/10
bandookpersistencerattrojan

Malware Config

Extracted

Family

bandook

C2

iamgood.blogdns.net

Targets

    • Target

      13140000.exe

    • Size

      10.3MB

    • MD5

      80b58f43feb6e5b04250961c86e9e891

    • SHA1

      bcd22b9e345da4d845b61c20aa429d713a307354

    • SHA256

      0a4e59d0906316f0476dd5463ae6b93bb4a98211ff119f267b7320f13960bd47

    • SHA512

      8536f888d70638ef5ae94b8d8e7e78b5a0c92a122d9a13563a4467602283f0d17f777acc385f820c15ceca755d3ed769b17ed82df80ea84d479c3cf9e1b1dffe

    Score
    10/10
    bandookpersistencerattrojan

    • Bandook RAT

      Bandook is a remote access tool written in C++ and shipped with a loader written in Delphi.

      rattrojanbandook

    • Bandook payload

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks