bandook | da247cdd6339b21243957a65344c6488977c0d766899d12aacb356a3521ec6fc | Triage

Submit
Reports

Overview

overview

Static

static

COMUNICADO...23.exe

windows10-1703-x64

Sharing

General

Target

COMUNICADO VLN0000785623.exe
Size

3.0MB
Sample

221130-gf8hlaca86
MD5

4393d9f020cf74a1b99e978105f8e44d
SHA1

b670410725dad081b941a5e143e9aa8d6ca9e989
SHA256

da247cdd6339b21243957a65344c6488977c0d766899d12aacb356a3521ec6fc
SHA512

488407723211efdbf4c602d541ca771a3813e1c41f23a4581cde761aab76120d42f6a4afc38daf7e15da8f2c271d519b043b6d1b7d543ea61a34463ef8bc1f3f
SSDEEP

49152:rJaBAeV/mZKTMrIE4kFY0qpxG4VBdn7npKCOydj:rJaB1e8j

Score

10^/10

bandook rat trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

COMUNICADO VLN0000785623.exe

Resource

win10-20220901-es

bandook rat trojan upx

windows10-1703-x64

6 signatures

300 seconds

Malware Config

Targets

- Target
  
  COMUNICADO VLN0000785623.exe
- Size
  
  3.0MB
- MD5
  
  4393d9f020cf74a1b99e978105f8e44d
- SHA1
  
  b670410725dad081b941a5e143e9aa8d6ca9e989
- SHA256
  
  da247cdd6339b21243957a65344c6488977c0d766899d12aacb356a3521ec6fc
- SHA512
  
  488407723211efdbf4c602d541ca771a3813e1c41f23a4581cde761aab76120d42f6a4afc38daf7e15da8f2c271d519b043b6d1b7d543ea61a34463ef8bc1f3f
- SSDEEP
  
  49152:rJaBAeV/mZKTMrIE4kFY0qpxG4VBdn7npKCOydj:rJaB1e8j
Score

10^/10

bandook rat trojan upx
- Bandook RAT
  Bandook is a remote access tool written in C++ and shipped with a loader written in Delphi.
  rat trojan bandook
- Bandook payload
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

bandookrattrojanupx

© 2018-2024

Terms | Privacy