General
Target: 2063ccad3a86a5808d3521eff0da421986761ad5d154a5de2243bf03fe59b1f4
Size: 1.5MB
Sample: 221124-ah2dqshg4x
MD5: 35e9fc4bff3729865fcbe688d33e9819
SHA1: 74a5dc1856d990634c4c838309f124966c95b145
SHA256: 2063ccad3a86a5808d3521eff0da421986761ad5d154a5de2243bf03fe59b1f4
SHA512: 483ec08f00f5d3d2620b94f11c6a58f3c936112d189b9208bd6b7f22e285269274d177f12fec461232ede595b80836d883f8965b87cc12ddfe35e1d1849bfdb7
SSDEEP: 24576:57OlTY81NmsM4SFu6/4WiAH4ACs/85iIn1xJSG8El7jsMtAndBAicuUO:57cXOAYwGJI1xkwrAXA+
Static task: static1
Behavioral task: behavioral1
Sample: 2063ccad3a86a5808d3521eff0da421986761ad5d154a5de2243bf03fe59b1f4.exe
Resource: win7-20220812-en
Behavioral task: behavioral2
Sample: 2063ccad3a86a5808d3521eff0da421986761ad5d154a5de2243bf03fe59b1f4.exe
Resource: win10v2004-20221111-en
Malware Config
Extracted: bandook
somfiar2a.ddns.net
Targets
Target: 2063ccad3a86a5808d3521eff0da421986761ad5d154a5de2243bf03fe59b1f4
Score: 10/10
- Bandook payload
- Adds Run key to start application
- Suspicious use of SetThreadContext