General
-
Target
c980f24533ca7c2e289191ff09a941d3dd1dfd5ebf6c884ff6c65641e3454b6e
-
Size
1.5MB
-
Sample
221125-tbgwascf5y
-
MD5
8a3559d0186867422bdeda233c42e837
-
SHA1
fc2fc7010739c22050d0ebb8d5d5212083fbbc5e
-
SHA256
c980f24533ca7c2e289191ff09a941d3dd1dfd5ebf6c884ff6c65641e3454b6e
-
SHA512
0d2b76bb65139de7ee2b2412f885fd8af7e60c61489a05ce3e7d99a91ad3f4d3b4a310c67bcb9897b29a5937dc0bc685712fc89fae25e03a59d0c424c9df1569
-
SSDEEP
24576:bqtusu+tVxHPidqUAIM3CNQgII6SZlCDHh3R5IdBAJ58:bZwd4MbyZlUBB5mA
Malware Config
Extracted
bandook
soniaswiss.ddns.net
Targets
-
-
Target
c980f24533ca7c2e289191ff09a941d3dd1dfd5ebf6c884ff6c65641e3454b6e
-
Size
1.5MB
-
MD5
8a3559d0186867422bdeda233c42e837
-
SHA1
fc2fc7010739c22050d0ebb8d5d5212083fbbc5e
-
SHA256
c980f24533ca7c2e289191ff09a941d3dd1dfd5ebf6c884ff6c65641e3454b6e
-
SHA512
0d2b76bb65139de7ee2b2412f885fd8af7e60c61489a05ce3e7d99a91ad3f4d3b4a310c67bcb9897b29a5937dc0bc685712fc89fae25e03a59d0c424c9df1569
-
SSDEEP
24576:bqtusu+tVxHPidqUAIM3CNQgII6SZlCDHh3R5IdBAJ58:bZwd4MbyZlUBB5mA
Score10/10-
Bandook RAT
Bandook is a remote access tool written in C++ and shipped with a loader written in Delphi.
-
Bandook payload
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-