bandook | 8061c6794a889baa7d1d8cbf0de1f1136910f58bf6d8e2e2b04ef503e0c8db49 | Triage

Submit
Reports

Overview

overview

Static

static

8061c6794a...49.exe

windows7-x64

8061c6794a...49.exe

windows10-2004-x64

Sharing

General

Target

8061c6794a889baa7d1d8cbf0de1f1136910f58bf6d8e2e2b04ef503e0c8db49
Size

1.9MB
Sample

221127-q9el2scd39
MD5

80edb07b7dae0f94cd1a256929558d23
SHA1

d70ab376c381e3512c465dd544e60c2f0837c877
SHA256

8061c6794a889baa7d1d8cbf0de1f1136910f58bf6d8e2e2b04ef503e0c8db49
SHA512

d7cc95dfb75ced6f328341d2167b3c982c7cf2ce4e69bd40d73b9abcec156c24d68dae03ef2b5db965837acf684d32d8401759b5f2442762a80e397a3241b843
SSDEEP

24576:ILxVaQebJZs6tpl4TgqLvbjLNme2X7y3r75Q63by3rcMzGpzPURakW+MYOnxFJ2l:IEb7+TWW77+FckWvnVs

Score

10^/10

bandook persistence rat trojan

Static task

static1

Behavioral task

behavioral1

Sample

8061c6794a889baa7d1d8cbf0de1f1136910f58bf6d8e2e2b04ef503e0c8db49.exe

Resource

win7-20220812-en

bandook persistence rat trojan

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

8061c6794a889baa7d1d8cbf0de1f1136910f58bf6d8e2e2b04ef503e0c8db49.exe

Resource

win10v2004-20220812-en

bandook persistence rat trojan

windows10-2004-x64

5 signatures

150 seconds

Malware Config

Extracted

Family

bandook

C2

sync.ebaeuropa.eu

Targets

- Target
  
  8061c6794a889baa7d1d8cbf0de1f1136910f58bf6d8e2e2b04ef503e0c8db49
- Size
  
  1.9MB
- MD5
  
  80edb07b7dae0f94cd1a256929558d23
- SHA1
  
  d70ab376c381e3512c465dd544e60c2f0837c877
- SHA256
  
  8061c6794a889baa7d1d8cbf0de1f1136910f58bf6d8e2e2b04ef503e0c8db49
- SHA512
  
  d7cc95dfb75ced6f328341d2167b3c982c7cf2ce4e69bd40d73b9abcec156c24d68dae03ef2b5db965837acf684d32d8401759b5f2442762a80e397a3241b843
- SSDEEP
  
  24576:ILxVaQebJZs6tpl4TgqLvbjLNme2X7y3r75Q63by3rcMzGpzPURakW+MYOnxFJ2l:IEb7+TWW77+FckWvnVs
Score

10^/10

bandook persistence rat trojan
- Bandook RAT
  Bandook is a remote access tool written in C++ and shipped with a loader written in Delphi.
  rat trojan bandook
- Bandook payload
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

bandookpersistencerattrojan

behavioral2

bandookpersistencerattrojan

© 2018-2024

Terms | Privacy