Overview

overview

10

Static

static

COMPROBANT...1A.exe

windows7-x64

10

COMPROBANT...1A.exe

windows10-2004-x64

10

msvfw32.dll

windows7-x64

1

msvfw32.dll

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    COMPROBANTE DE PAGO SEPTIEMBRE_01A.rar

  • Size

    2.1MB

  • Sample

    220901-yjkpdaacdj

  • MD5

    666451f54889bfc511063ef4976c6ce5

  • SHA1

    1d62a7c77acd466393ceacb0631c0e0954e37a8c

  • SHA256

    b302ba8b1b2817d20b1df5f80991b3be01f99e15f2138a777c19d5037ccf7dda

  • SHA512

    af3cbc638065a391d73fcd8e84f1205a1155b408dcb8e03a1afdbaeb03004415d5b116c7a6ee78a0131e7b2763a65fcb8fcfd491c3321d1ac7a58dda5dff00f2

  • SSDEEP

    49152:icLQBvW//KhSyO9/Y7bSlnL2Fo6iMInZRxCceHF/WZQWh7vTj:icmvO/2SRA/SUFo/XxCceluZnv3

Score
10/10
bandookpersistencerattrojanupx

Malware Config

Targets

    • Target

      COMPROBANTE DE PAGO SEPTIEMBRE_01A.exe

    • Size

      3.1MB

    • MD5

      7426cab16d83565016af7e83bd592980

    • SHA1

      63f45648ebfa88d71d4f0fb3d95a0868ce412fc4

    • SHA256

      b7cac1b8fe41304f69b6c2b7c48c225bc090c514f607397b5cce44238e9c546d

    • SHA512

      12627d91effc207266d6d8e1cb1a879a4eeca9b1343b247c0ed2b9d02b8b892756f220a1b32deb2fa9202093830b5994c2cdc29dfbed9e2db1474f310a62e6bc

    • SSDEEP

      49152:Y2CYzwf4b5k1V68IqNUoCVidq1pYlRJdF:Y29wfp

    Score
    10/10
    bandookpersistencerattrojanupx

    • Bandook RAT

      Bandook is a remote access tool written in C++ and shipped with a loader written in Delphi.

      rattrojanbandook

    • Bandook payload

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

    • Target

      msvfw32.dll

    • Size

      148KB

    • MD5

      f3354260c4b1383c586da9affde33d6b

    • SHA1

      2b911b3c59cc975fa081b88d4de21d345841dfb5

    • SHA256

      7e09b985d0ce2e6cab125bfb88ea3f3f85e9de065bcf2c140c7ba6ca82ad5dc0

    • SHA512

      9adf858c6d5f1601600294fb4c982ef0aa95cd386a98e17fb674619b2d38d330bcf46a27005e51ed0a967ec64e60bc86c3c3c40edaf8770fe8e2efdab83eda0e

    • SSDEEP

      3072:myAoMfEgYZciuGjmtyOpDHn4RO9rK47Xx+9O3QIPf64gDyyJ:Sbf8u67074Rerv7Xx+9OAIcDy

    Score
    1/10
    behavioral3behavioral4

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks