General
-
Target
4f1923485e8cdd052467d335a6384f93cd1d50b5d927aea471e56290be29ffa3.exe
-
Size
977KB
-
Sample
220624-raj8xsfeb2
-
MD5
f000ca9522aafa0c54b863528228a43b
-
SHA1
c636e88b9e8079ba086f5cdb132fa39e747d0f23
-
SHA256
4f1923485e8cdd052467d335a6384f93cd1d50b5d927aea471e56290be29ffa3
-
SHA512
ccbb478d676a3c6f1355ab30933196c5bf41b64b613e8efe661546c238700ce2aec340390af9069c303a43bc7c4f41400c418920041cf4967c6e02b272ef372d
Static task
static1
Behavioral task
behavioral1
Sample
4f1923485e8cdd052467d335a6384f93cd1d50b5d927aea471e56290be29ffa3.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
4f1923485e8cdd052467d335a6384f93cd1d50b5d927aea471e56290be29ffa3.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
bandook
iamgood.blogdns.net
Targets
-
-
Target
4f1923485e8cdd052467d335a6384f93cd1d50b5d927aea471e56290be29ffa3.exe
-
Size
977KB
-
MD5
f000ca9522aafa0c54b863528228a43b
-
SHA1
c636e88b9e8079ba086f5cdb132fa39e747d0f23
-
SHA256
4f1923485e8cdd052467d335a6384f93cd1d50b5d927aea471e56290be29ffa3
-
SHA512
ccbb478d676a3c6f1355ab30933196c5bf41b64b613e8efe661546c238700ce2aec340390af9069c303a43bc7c4f41400c418920041cf4967c6e02b272ef372d
Score10/10-
Bandook payload
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-