General
-
Target
Recibo Pago_01.rar
-
Size
1.9MB
-
Sample
221207-wvq97afe95
-
MD5
7b5849e491b7ae753c555293447a2d17
-
SHA1
475f3108b25dc099ecdcfdbb37a831ed148845a8
-
SHA256
df98652a71de6673d479e851062625876b214b4a2d13c3ff75390bab9a342fc6
-
SHA512
68209f03d63e9b2259f722a366fe63aa6d7288ed479f1e52a308c45b6ccbaa8c103e3c2bdfea4c2b406d634e9829a0dfdf69dc98b0d8b98ec1ffba3038d2e28f
-
SSDEEP
24576:3APtR/YLe9W3yfagBqG0cBuuduaY12U3hvVY6fqPvyPDrj2fcAVmftbjJr8Vkhh:aRo3CVBq9cBKb12sXCPvJ/wftbjRb
Malware Config
Targets
-
-
Target
Recibo Pago_01.rar
-
Size
1.9MB
-
MD5
7b5849e491b7ae753c555293447a2d17
-
SHA1
475f3108b25dc099ecdcfdbb37a831ed148845a8
-
SHA256
df98652a71de6673d479e851062625876b214b4a2d13c3ff75390bab9a342fc6
-
SHA512
68209f03d63e9b2259f722a366fe63aa6d7288ed479f1e52a308c45b6ccbaa8c103e3c2bdfea4c2b406d634e9829a0dfdf69dc98b0d8b98ec1ffba3038d2e28f
-
SSDEEP
24576:3APtR/YLe9W3yfagBqG0cBuuduaY12U3hvVY6fqPvyPDrj2fcAVmftbjJr8Vkhh:aRo3CVBq9cBKb12sXCPvJ/wftbjRb
Score3/10 -
-
-
Target
Recibo Pago_01.exe
-
Size
2.6MB
-
MD5
b878881a2185be9eaa1ea8e0dd110928
-
SHA1
f5d02789571a0e77df546cd8b9a7961d8a6d6492
-
SHA256
adf598b6e18cc87cdfd38b309e2107054143b6078827878aaa280a30256b5d4e
-
SHA512
9390674a0c3d69af48f6509ab0b37616270d1d370270de137faf3e35e6c33b4e8ef518ba0fbed4859c063b32bcb6660cab424282b6e9fc84e6451fa17dd8a8b9
-
SSDEEP
24576:PQvIbnxx7gup2pm/+yS5ksdokLm0Nnc9EMiqQmH7zWfDzgWPo/+OxhirK6rQinxu:PG27lSvCkDcnbKfDzl00rtkaYnZtQ3By
Score10/10-
Bandook RAT
Bandook is a remote access tool written in C++ and shipped with a loader written in Delphi.
-
Bandook payload
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of SetThreadContext
-