bandook | b4920df90b188b3b3cf63423aa18d50adf6606f538075515bd466a9570d784b2 | Triage

Submit
Reports

Overview

overview

Static

static

Factura_Reporte.exe

windows7-x64

Factura_Reporte.exe

windows10-2004-x64

Sharing

General

Target

Factura_Reporte.rar
Size

1.9MB
Sample

230104-k6k2rsac9y
MD5

04b4aeec5dd460772666e682e862711b
SHA1

48f64ccba613078354bd792209da5dc70fa6218f
SHA256

b4920df90b188b3b3cf63423aa18d50adf6606f538075515bd466a9570d784b2
SHA512

29fd16a4fb47239ce1d0b4091210fb80dd50a50507c3e4561ead281eacce29dff08d2159af1d1a35a44faec114bb08249e8be4cef7fb970107abe727ace58e4c
SSDEEP

49152:uKznAR7oI15XRt0HPJiClTbEhb3MU+jaxnoYA:uKTEEI15XAvJ78b8U+GaYA

Score

10^/10

bandook rat trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

Factura_Reporte.exe

Resource

win7-20220812-en

bandook rat trojan upx

windows7-x64

4 signatures

150 seconds

Behavioral task

behavioral2

Sample

Factura_Reporte.exe

Resource

win10v2004-20221111-en

bandook rat trojan upx

windows10-2004-x64

5 signatures

150 seconds

Malware Config

Extracted

Family

bandook

C2

deapproved.ru

Targets

- Target
  
  Factura_Reporte.exe
- Size
  
  2.8MB
- MD5
  
  aa572e73d2e8dd37ca43ca7d8a046840
- SHA1
  
  de467ab0c6078e92a5e0a659c2c81c42870d0f4c
- SHA256
  
  7101fa8a59eee4118980fac6c580e435b0e838b8dd3546ad9e87bb26cbdd66c5
- SHA512
  
  9b8d8c2fb83bfc704f63711cce75ccbf427e08f8c15d40fe1e3d92a18188ff3df572cda29e98c64ae2b955708ebcb4babad6cc41c7db9e5eaa3c7363eec53dde
- SSDEEP
  
  24576:tf4VBO+XL5EtJhVTp+52oIYwF2BT6rk9PsMdb0DPRyMm3F9UAv0r2xp4loQGS7MR:tfQcmTNrSwPXcr1GPDBGXTP1z5uM+W8/
Score

10^/10

bandook rat trojan upx
- Bandook RAT
  Bandook is a remote access tool written in C++ and shipped with a loader written in Delphi.
  rat trojan bandook
- Bandook payload
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

bandookrattrojanupx

behavioral2

bandookrattrojanupx

© 2018-2024

Terms | Privacy