bandook | 3405f9cd439a15d0192d0d5d57a0ddb8727c78b1d3543568a582b1db45b35aae | Triage

Submit
Reports

Overview

overview

Static

static

ORDEN DE C...6J.exe

windows7-x64

ORDEN DE C...6J.exe

windows10-2004-x64

Sharing

General

Target

ORDEN DE COMPRAS_26J.exe
Size

3.6MB
Sample

220928-hqwr8agdal
MD5

38fae3855997c9a49e658fa69fc1819f
SHA1

9ea93e76929980b71503e368dd4925d7f5f0e01e
SHA256

3405f9cd439a15d0192d0d5d57a0ddb8727c78b1d3543568a582b1db45b35aae
SHA512

bd4e7ee1b54bf58bbafeb51c87916a28b1d965c1fb8790934bdd2160bf63107d879c256f0565dc647f33679ff241ad7b72b4e0e9c362e06db53ed44b4657835f
SSDEEP

49152:ZbU6bxhLt0sQfnKffkWuBo5QS87U96+exkPQ5NTZ0vVYkh6:Zbnbx6N/

Score

10^/10

bandook rat trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

ORDEN DE COMPRAS_26J.exe

Resource

win7-20220812-en

bandook rat trojan upx

windows7-x64

5 signatures

300 seconds

Behavioral task

behavioral2

Sample

ORDEN DE COMPRAS_26J.exe

Resource

win10v2004-20220901-en

bandook rat trojan upx

windows10-2004-x64

5 signatures

300 seconds

Malware Config

Targets

- Target
  
  ORDEN DE COMPRAS_26J.exe
- Size
  
  3.6MB
- MD5
  
  38fae3855997c9a49e658fa69fc1819f
- SHA1
  
  9ea93e76929980b71503e368dd4925d7f5f0e01e
- SHA256
  
  3405f9cd439a15d0192d0d5d57a0ddb8727c78b1d3543568a582b1db45b35aae
- SHA512
  
  bd4e7ee1b54bf58bbafeb51c87916a28b1d965c1fb8790934bdd2160bf63107d879c256f0565dc647f33679ff241ad7b72b4e0e9c362e06db53ed44b4657835f
- SSDEEP
  
  49152:ZbU6bxhLt0sQfnKffkWuBo5QS87U96+exkPQ5NTZ0vVYkh6:Zbnbx6N/
Score

10^/10

bandook rat trojan upx
- Bandook RAT
  Bandook is a remote access tool written in C++ and shipped with a loader written in Delphi.
  rat trojan bandook
- Bandook payload
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

bandookrattrojanupx

behavioral2

bandookrattrojanupx

© 2018-2024

Terms | Privacy