bandook | 719a937b69a64a9f145107ee9353a8e07f5e75ec7c4ae8e1b4aaa339fca3e16b | Triage

Submit
Reports

Overview

overview

Static

static

719a937b69...6b.exe

windows7-x64

719a937b69...6b.exe

windows10-2004-x64

Sharing

General

Target

719a937b69a64a9f145107ee9353a8e07f5e75ec7c4ae8e1b4aaa339fca3e16b
Size

1.4MB
Sample

221127-czz84sda22
MD5

fd9433444004d326b35128f6ab7502c7
SHA1

af0f10c2ce7d1d083a17654740475a697232a074
SHA256

719a937b69a64a9f145107ee9353a8e07f5e75ec7c4ae8e1b4aaa339fca3e16b
SHA512

5b1c12d645c91eb73ba7ada105f0dea1f80cb4d4143712958d31bc6e337d3aa93c4151ee14afed1c7d5d0eb4b01c7a912bb264081e2191de7905c4d30ef4ad72
SSDEEP

24576:8EqTh1sbKKx578K0wRpzeXrI/DYqCJ/lFATG7u258n86SERxpGwWDMKTF:8ErRxRDYpAa7uVn86SEWDM

Score

10^/10

bandook persistence rat trojan

Static task

static1

Behavioral task

behavioral1

Sample

719a937b69a64a9f145107ee9353a8e07f5e75ec7c4ae8e1b4aaa339fca3e16b.exe

Resource

win7-20220812-en

bandook persistence rat trojan

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

719a937b69a64a9f145107ee9353a8e07f5e75ec7c4ae8e1b4aaa339fca3e16b.exe

Resource

win10v2004-20220901-en

bandook persistence rat trojan

windows10-2004-x64

5 signatures

150 seconds

Malware Config

Extracted

Family

bandook

C2

iamgood.blogdns.net

Targets

- Target
  
  719a937b69a64a9f145107ee9353a8e07f5e75ec7c4ae8e1b4aaa339fca3e16b
- Size
  
  1.4MB
- MD5
  
  fd9433444004d326b35128f6ab7502c7
- SHA1
  
  af0f10c2ce7d1d083a17654740475a697232a074
- SHA256
  
  719a937b69a64a9f145107ee9353a8e07f5e75ec7c4ae8e1b4aaa339fca3e16b
- SHA512
  
  5b1c12d645c91eb73ba7ada105f0dea1f80cb4d4143712958d31bc6e337d3aa93c4151ee14afed1c7d5d0eb4b01c7a912bb264081e2191de7905c4d30ef4ad72
- SSDEEP
  
  24576:8EqTh1sbKKx578K0wRpzeXrI/DYqCJ/lFATG7u258n86SERxpGwWDMKTF:8ErRxRDYpAa7uVn86SEWDM
Score

10^/10

bandook persistence rat trojan
- Bandook RAT
  Bandook is a remote access tool written in C++ and shipped with a loader written in Delphi.
  rat trojan bandook
- Bandook payload
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

bandookpersistencerattrojan

behavioral2

bandookpersistencerattrojan

© 2018-2024

Terms | Privacy