General
Target: a7320e7ada292831538aaee3559dc0139b3222208dfe9271e74d080125b5c934
Size: 1.5MB
Sample: 221125-tbhgtshd93
MD5: 4c8a864510cb59db7f3c0b3bf2fd7fa1
SHA1: 42e05975cd4450852970958ba675ac42032eccae
SHA256: a7320e7ada292831538aaee3559dc0139b3222208dfe9271e74d080125b5c934
SHA512: 191e1f81a271a44cc992ea474fc425c2cd7aa6c8a12b189b77a98ac7747d8dcbffa8876a5ca31e61bbf779a5d0ff9f080e0dd52af25aff961391932e48f3e45f
SSDEEP: 24576:Yqtusu+tVxHPidqUAIM3CNQgII6SZlCDHh3R5OdBAXO9kE:YZwd4MbyZlUBB58Ae9
Static task: static1
Behavioral task: behavioral1
  Sample: a7320e7ada292831538aaee3559dc0139b3222208dfe9271e74d080125b5c934.exe
  Resource: win7-20220901-en
Behavioral task: behavioral2
  Sample: a7320e7ada292831538aaee3559dc0139b3222208dfe9271e74d080125b5c934.exe
  Resource: win10v2004-20221111-en
Malware Config
Extracted
Family: bandook
C2: ezeigbo.ddns.net
Targets
Score: 10/10
Signatures:
- Bandook payload
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of SetThreadContext
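The digests listed under General and the C2 host from the extracted Bandook config are the actionable indicators in this report. The following is an added example, not part of the sandbox report or of any Bandook analysis: it hashes a candidate file with the same four algorithms and reports which digests match the report's values, and it scans DNS query log lines for the extracted C2 host or any subdomain of it. The hash values and the C2 host are copied from the report; the input bytes, the log lines and the hostnames `ws01`..`ws03` are constructed for illustration.

```python
"""Indicator check built from the hashes and C2 host in this report.

Added example, not part of the sandbox report. The digests and the C2 host
are copied from the report; the file bytes and DNS log lines used below are
constructed for illustration.
"""
import hashlib
import re

# Digests of the sample as listed in the report (lowercase hex).
SAMPLE_HASHES = {
    "md5": "4c8a864510cb59db7f3c0b3bf2fd7fa1",
    "sha1": "42e05975cd4450852970958ba675ac42032eccae",
    "sha256": "a7320e7ada292831538aaee3559dc0139b3222208dfe9271e74d080125b5c934",
    "sha512": "191e1f81a271a44cc992ea474fc425c2cd7aa6c8a12b189b77a98ac7747d8dcb"
              "ffa8876a5ca31e61bbf779a5d0ff9f080e0dd52af25aff961391932e48f3e45f",
}

# C2 host from the extracted Bandook config.
C2_HOSTS = {"ezeigbo.ddns.net"}


def hash_bytes(data: bytes) -> dict:
    """Compute the four digests the report lists for an in-memory buffer."""
    return {name: hashlib.new(name, data).hexdigest() for name in SAMPLE_HASHES}


def hash_file(path: str, chunk_size: int = 1 << 20) -> dict:
    """Same digests for a file on disk, read in chunks so a large sample
    does not have to fit in memory."""
    hashers = {name: hashlib.new(name) for name in SAMPLE_HASHES}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def matching_digests(digests: dict) -> list:
    """Names of the algorithms whose digest equals the report's value.

    Hex case is normalised because feeds publish hashes in either case.
    SHA256 is the identifier to key on; MD5 and SHA1 are kept only because
    many feeds and sandboxes still index by them."""
    return sorted(
        name for name, value in digests.items()
        if name in SAMPLE_HASHES and value.lower() == SAMPLE_HASHES[name]
    )


# Loose matcher for host names inside free-form log text.
_HOST_RE = re.compile(r"[A-Za-z0-9.-]+\.[A-Za-z]{2,}")


def _is_c2(host: str) -> bool:
    """True for the C2 host itself or any subdomain of it. The suffix test
    starts with a dot so 'notezeigbo.ddns.net' is not counted as a hit."""
    host = host.lower().rstrip(".")
    return any(host == c2 or host.endswith("." + c2) for c2 in C2_HOSTS)


def c2_hits(log_lines) -> list:
    """(line number, host) for every log line that names a C2 host."""
    hits = []
    for number, line in enumerate(log_lines, 1):
        for host in _HOST_RE.findall(line):
            if _is_c2(host):
                hits.append((number, host.lower().rstrip(".")))
    return hits


# Constructed DNS query log; not taken from the sandbox run.
SAMPLE_DNS_LOG = [
    "2022-11-25T10:01:02Z ws01 query A ezeigbo.ddns.net",
    "2022-11-25T10:01:05Z ws01 query A www.example.com",
    "2022-11-25T10:02:11Z ws02 query A EZEIGBO.DDNS.NET.",
    "2022-11-25T10:03:00Z ws03 query A notezeigbo.ddns.net",
]

if __name__ == "__main__":
    print("digests of empty buffer:", hash_bytes(b""))
    print("matches against report:", matching_digests(hash_bytes(b"")))
    print("C2 hits in constructed log:", c2_hits(SAMPLE_DNS_LOG))
```

To check a real file, call `hash_file(path)` and pass the result to `matching_digests`; any non-empty result means the file is byte-identical to the sample in this report. The DNS matcher only covers the single host in the extracted config; a dynamic DNS name such as this one can be re-pointed at any IP, so matching on the name rather than a resolved address is the durable choice.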