General

  • Target

    Comprobante_screen07.rar

  • Size

    2.1MB

  • Sample

    221109-b2ybvschb3

  • MD5

    c906583ca09e24ca28dbe38a9eb3eb0c

  • SHA1

    f38634b26957dd7b6a9d7880bde04c78e87869bc

  • SHA256

    cfa35f5cb3216c093bae6a297412f5380cae5ab364d22b869fb62ec802e0fc90

  • SHA512

    bb594fe7a37e203a774dca199ab72a329029359be8fc20534f240f144f18f21a680fb763be60a2af122d3c92cb763b9cfc21459289411692b21f8d5cf5406c21

  • SSDEEP

    49152:tCmuC/yllJmvfiyVSghiDo2R7wiWsE2PyYgIkEA5WksTjSgV:tC/0isfvSIr2qiTIzj5WksfV

Score
10/10

Targets

    • Target

      Comprobante_screen07.exe

    • Size

      3.6MB

    • MD5

      fc9114d9a22658d97865640a45ba2391

    • SHA1

      f0fe9474e33ba87e3c2f76ec9d90b771be5ab9ec

    • SHA256

      cadd1d332c9a7c1228f57d9b057fdd332062a1e4423638132916c4e09ef8e88c

    • SHA512

      f1da0a6a00fe32b65893b69ffb8298c53e15e41654adc564190536da0e867d24e7b3d5727623eea1144cd121699ec3dc9e165eb398ec64dd2be435ca02a3297f

    • SSDEEP

      49152:bVh1ySLOEITk/FSidOM445iJHbFK8dZuiLr0+nOreUVpoXC9cAXegH:bV/yqJzH

    Score
    10/10
    • Bandook RAT

      Bandook is a remote access tool written in C++ and shipped with a loader written in Delphi.

    • Bandook payload

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.
