Extracted

• • Target

    d16a1614144e6d6a7dc673420f2a091145d054994cf74a1e62fefcfad0a44cf8

  • Size

    3.0MB

  • MD5

    ab23f10c51040db7926cdf6307b918c2

  • SHA1

    bacb5de346d7ea4a837e044185225910ba637d57

  • SHA256

    d16a1614144e6d6a7dc673420f2a091145d054994cf74a1e62fefcfad0a44cf8

  • SHA512

    abf5d68eb25ad72911579c63c548666bb94fb9ec73da0a043f6643db101809d25f512eab8a48a0b11019efc6d0d8add357b5f7b39da697b7834ec420216061c2

  • SSDEEP

    49152:1ZyT4wfvnZ85VK5voQ262jzCBoonOy9wRqLXAhy7y:1Z1wXZdAhy7y

  Score

  10^/10

  bandookpersistencerattrojanupx

  • Bandook RAT

    Bandook is a remote access tool written in C++ and shipped with a loader written in Delphi.

    rattrojanbandook

  • Bandook payload

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2