Extracted

• • Target

    ab87cb76028fce6863acec34faebf250bad0f17120188b5f95fec8f37a2aa257

  • Size

    991KB

  • MD5

    b00e12c16d784b4d5e711e51e0430d66

  • SHA1

    d2d7d47df634c39f79331dfe2e5f953251266b17

  • SHA256

    ab87cb76028fce6863acec34faebf250bad0f17120188b5f95fec8f37a2aa257

  • SHA512

    09a7d929a4e3385bde47a51161647bcfa6971e6bdca1c3d40b78951f5b2db46bd448f6e912821ac27e2b54d7c824a5d9efb2c5ddcfe19a4d22317b266b17a94f

  • SSDEEP

    24576:KinYayzdUnKEaoxfqyQjnr5iKULyQUVyhaPvNy/UtR:Tyz6BxfxmrNUL7lo0s

  Score

  10^/10

  bandookrattrojanpersistence

  • Bandook RAT

    Bandook is a remote access tool written in C++ and shipped with a loader written in Delphi.

    rattrojanbandook

  • Bandook payload

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2