General
-
Target
d16a1614144e6d6a7dc673420f2a091145d054994cf74a1e62fefcfad0a44cf8
-
Size
3.0MB
-
Sample
230110-3lr9fsaa39
-
MD5
ab23f10c51040db7926cdf6307b918c2
-
SHA1
bacb5de346d7ea4a837e044185225910ba637d57
-
SHA256
d16a1614144e6d6a7dc673420f2a091145d054994cf74a1e62fefcfad0a44cf8
-
SHA512
abf5d68eb25ad72911579c63c548666bb94fb9ec73da0a043f6643db101809d25f512eab8a48a0b11019efc6d0d8add357b5f7b39da697b7834ec420216061c2
-
SSDEEP
49152:1ZyT4wfvnZ85VK5voQ262jzCBoonOy9wRqLXAhy7y:1Z1wXZdAhy7y
Malware Config
Extracted
bandook
deapproved.ru
Targets
-
-
Target
d16a1614144e6d6a7dc673420f2a091145d054994cf74a1e62fefcfad0a44cf8
-
Size
3.0MB
-
MD5
ab23f10c51040db7926cdf6307b918c2
-
SHA1
bacb5de346d7ea4a837e044185225910ba637d57
-
SHA256
d16a1614144e6d6a7dc673420f2a091145d054994cf74a1e62fefcfad0a44cf8
-
SHA512
abf5d68eb25ad72911579c63c548666bb94fb9ec73da0a043f6643db101809d25f512eab8a48a0b11019efc6d0d8add357b5f7b39da697b7834ec420216061c2
-
SSDEEP
49152:1ZyT4wfvnZ85VK5voQ262jzCBoonOy9wRqLXAhy7y:1Z1wXZdAhy7y
Score10/10-
Bandook RAT
Bandook is a remote access tool written in C++ and shipped with a loader written in Delphi.
-
Bandook payload
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-