Extracted

• • Target

    8ec1401fa024f6d41195f3dcfea0978131f1e8861254eecea7f3e250efdd4215

  • Size

    1.4MB

  • MD5

    7a154b04e7a69f0bb6b6290dbf9b9240

  • SHA1

    b48f94ea4d7e80af7d5d11a34edf683b8a5d4108

  • SHA256

    8ec1401fa024f6d41195f3dcfea0978131f1e8861254eecea7f3e250efdd4215

  • SHA512

    deba154d8730584d68d55a7a748c53c509eb6e11d9737d483920f4f7f135bae9828cc2e10205fb0191081de1ee9a85ae59e568cb3db9c86c2d9c57531a916509

  • SSDEEP

    24576:pEqTh1sbeWavtX5OrXnrrJjVa4xh/0wJFhIedzeoy+86SEZ6Y:pEre9veVxhPDdzef+86SE

  Score

  10^/10

  bandookpersistencerattrojan

  • Bandook RAT

    Bandook is a remote access tool written in C++ and shipped with a loader written in Delphi.

    rattrojanbandook

  • Bandook payload

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2