bandook | afebfd81e9d3e416598a34053ad27703a1b3a70c1a316d0dab62c51a4d05c734 | Triage

Submit
Reports

Overview

overview

Static

static

afebfd81e9...34.exe

windows7-x64

afebfd81e9...34.exe

windows10-2004-x64

Sharing

General

Target

afebfd81e9d3e416598a34053ad27703a1b3a70c1a316d0dab62c51a4d05c734
Size

1002KB
Sample

221002-2rhfrseae3
MD5

66e7fff4370f216117c1ab836b43f320
SHA1

68571b2e855fcaf068f73730ac10675128b4f217
SHA256

afebfd81e9d3e416598a34053ad27703a1b3a70c1a316d0dab62c51a4d05c734
SHA512

fe7f11cd216d8be8833f7d99686e94e9d6134772cab878cdef756a2c199fff8f26d88efa108dbc9356ef330a6eeff57a9c90cef80b94da59a16d3210b9ab926c
SSDEEP

24576:dlFlrWrVnrfUEEAXU7PcOeLqkVsD7s/Xl2y:dlKBfTSPcOeLtsnsvl1

Score

10^/10

bandook persistence rat trojan

Static task

static1

Behavioral task

behavioral1

Sample

afebfd81e9d3e416598a34053ad27703a1b3a70c1a316d0dab62c51a4d05c734.exe

Resource

win7-20220812-en

bandook persistence rat trojan

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

afebfd81e9d3e416598a34053ad27703a1b3a70c1a316d0dab62c51a4d05c734.exe

Resource

win10v2004-20220812-en

bandook persistence rat trojan

windows10-2004-x64

5 signatures

150 seconds

Malware Config

Extracted

Family

bandook

C2

192.168.31.1

Targets

- Target
  
  afebfd81e9d3e416598a34053ad27703a1b3a70c1a316d0dab62c51a4d05c734
- Size
  
  1002KB
- MD5
  
  66e7fff4370f216117c1ab836b43f320
- SHA1
  
  68571b2e855fcaf068f73730ac10675128b4f217
- SHA256
  
  afebfd81e9d3e416598a34053ad27703a1b3a70c1a316d0dab62c51a4d05c734
- SHA512
  
  fe7f11cd216d8be8833f7d99686e94e9d6134772cab878cdef756a2c199fff8f26d88efa108dbc9356ef330a6eeff57a9c90cef80b94da59a16d3210b9ab926c
- SSDEEP
  
  24576:dlFlrWrVnrfUEEAXU7PcOeLqkVsD7s/Xl2y:dlKBfTSPcOeLtsnsvl1
Score

10^/10

bandook persistence rat trojan
- Bandook RAT
  Bandook is a remote access tool written in C++ and shipped with a loader written in Delphi.
  rat trojan bandook
- Bandook payload
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

bandookpersistencerattrojan

behavioral2

bandookpersistencerattrojan

© 2018-2024

Terms | Privacy