bandook | afb7134a4259ba408e6ffc45231e8e80d703d4dedfabb3fed364a13ad051b45e | Triage

Submit
Reports

Overview

overview

Static

static

3

ACUSE DE T...22.pdf

windows10-2004-x64

Sharing

General

Target

ACUSE DE TICKET DE PAGO 2022.pdf
Size

77KB
Sample

220926-tjsmrsbce2
MD5

c2a513299d70557b3c6d8a91a2f8350f
SHA1

3b75bc232dc3cc0bad49cb4105dc0331dc6b3ed4
SHA256

afb7134a4259ba408e6ffc45231e8e80d703d4dedfabb3fed364a13ad051b45e
SHA512

06aa4488d0255ff0f975bc752f2f6c73998b041c1beb43a7e2579f3ccb5d4712d6f981992b8089b4fc12e22bc759b8b71a09fab36baa289f31ab76749fed1859
SSDEEP

1536:AeRxIGYEqLe/7JmcZmL5g8kQa+zJl6hMWRf/i8pAzB11P:VjKw7BO5g8kQnzhWBtKV1N

Score

10^/10

bandook link pdf persistence rat trojan upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

ACUSE DE TICKET DE PAGO 2022.pdf

Resource

win10v2004-20220812-en

bandook persistence rat trojan upx

windows10-2004-x64

18 signatures

1800 seconds

Malware Config

Targets

- Target
  
  ACUSE DE TICKET DE PAGO 2022.pdf
- Size
  
  77KB
- MD5
  
  c2a513299d70557b3c6d8a91a2f8350f
- SHA1
  
  3b75bc232dc3cc0bad49cb4105dc0331dc6b3ed4
- SHA256
  
  afb7134a4259ba408e6ffc45231e8e80d703d4dedfabb3fed364a13ad051b45e
- SHA512
  
  06aa4488d0255ff0f975bc752f2f6c73998b041c1beb43a7e2579f3ccb5d4712d6f981992b8089b4fc12e22bc759b8b71a09fab36baa289f31ab76749fed1859
- SSDEEP
  
  1536:AeRxIGYEqLe/7JmcZmL5g8kQa+zJl6hMWRf/i8pAzB11P:VjKw7BO5g8kQnzhWBtKV1N
Score

10^/10

bandook persistence rat trojan upx
- Bandook RAT
  Bandook is a remote access tool written in C++ and shipped with a loader written in Delphi.
  rat trojan bandook
- Bandook payload
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bandookpersistencerattrojanupx

© 2018-2025

Terms | Privacy