bandook | ab87cb76028fce6863acec34faebf250bad0f17120188b5f95fec8f37a2aa257 | Triage

Submit
Reports

Overview

overview

Static

static

ab87cb7602...57.exe

windows7-x64

ab87cb7602...57.exe

windows10-2004-x64

Sharing

General

Target

ab87cb76028fce6863acec34faebf250bad0f17120188b5f95fec8f37a2aa257
Size

991KB
Sample

221123-qn8m1aee29
MD5

b00e12c16d784b4d5e711e51e0430d66
SHA1

d2d7d47df634c39f79331dfe2e5f953251266b17
SHA256

ab87cb76028fce6863acec34faebf250bad0f17120188b5f95fec8f37a2aa257
SHA512

09a7d929a4e3385bde47a51161647bcfa6971e6bdca1c3d40b78951f5b2db46bd448f6e912821ac27e2b54d7c824a5d9efb2c5ddcfe19a4d22317b266b17a94f
SSDEEP

24576:KinYayzdUnKEaoxfqyQjnr5iKULyQUVyhaPvNy/UtR:Tyz6BxfxmrNUL7lo0s

Score

10^/10

bandook persistence rat trojan

Static task

static1

Behavioral task

behavioral1

Sample

ab87cb76028fce6863acec34faebf250bad0f17120188b5f95fec8f37a2aa257.exe

Resource

win7-20221111-en

bandook rat trojan

windows7-x64

4 signatures

150 seconds

Behavioral task

behavioral2

Sample

ab87cb76028fce6863acec34faebf250bad0f17120188b5f95fec8f37a2aa257.exe

Resource

win10v2004-20221111-en

bandook persistence rat trojan

windows10-2004-x64

5 signatures

150 seconds

Malware Config

Extracted

Family

bandook

C2

sat-iva.org

Targets

- Target
  
  ab87cb76028fce6863acec34faebf250bad0f17120188b5f95fec8f37a2aa257
- Size
  
  991KB
- MD5
  
  b00e12c16d784b4d5e711e51e0430d66
- SHA1
  
  d2d7d47df634c39f79331dfe2e5f953251266b17
- SHA256
  
  ab87cb76028fce6863acec34faebf250bad0f17120188b5f95fec8f37a2aa257
- SHA512
  
  09a7d929a4e3385bde47a51161647bcfa6971e6bdca1c3d40b78951f5b2db46bd448f6e912821ac27e2b54d7c824a5d9efb2c5ddcfe19a4d22317b266b17a94f
- SSDEEP
  
  24576:KinYayzdUnKEaoxfqyQjnr5iKULyQUVyhaPvNy/UtR:Tyz6BxfxmrNUL7lo0s
Score

10^/10

bandook rat trojan persistence
- Bandook RAT
  Bandook is a remote access tool written in C++ and shipped with a loader written in Delphi.
  rat trojan bandook
- Bandook payload
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

bandookrattrojan

behavioral2

bandookpersistencerattrojan

© 2018-2024

Terms | Privacy