Extracted

• • Target

    8061c6794a889baa7d1d8cbf0de1f1136910f58bf6d8e2e2b04ef503e0c8db49

  • Size

    1.9MB

  • MD5

    80edb07b7dae0f94cd1a256929558d23

  • SHA1

    d70ab376c381e3512c465dd544e60c2f0837c877

  • SHA256

    8061c6794a889baa7d1d8cbf0de1f1136910f58bf6d8e2e2b04ef503e0c8db49

  • SHA512

    d7cc95dfb75ced6f328341d2167b3c982c7cf2ce4e69bd40d73b9abcec156c24d68dae03ef2b5db965837acf684d32d8401759b5f2442762a80e397a3241b843

  • SSDEEP

    24576:ILxVaQebJZs6tpl4TgqLvbjLNme2X7y3r75Q63by3rcMzGpzPURakW+MYOnxFJ2l:IEb7+TWW77+FckWvnVs

  Score

  10^/10

  bandookpersistencerattrojan

  • Bandook RAT

    Bandook is a remote access tool written in C++ and shipped with a loader written in Delphi.

    rattrojanbandook

  • Bandook payload

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2