Extracted

• • Target

    FACTURA_EMITIDA_01.exe

  • Size

    2.7MB

  • MD5

    8579c84ba801e49a1cf14cefd9882a2f

  • SHA1

    cdff10c3245023385d9e4991c2c8942d786a86f5

  • SHA256

    353dcc4479725da180b0c12fdc433d46fddefdced3a967e7fe528d030a61a791

  • SHA512

    d679ecb97304c9b552303e402351ceab9aa339fbdf8c06749aa41b5f4932fa06ba6da3dceb8932f898846d2257f95c9784ded99a55c57bde829f3e5f4d3d0714

  • SSDEEP

    49152:KNm2MWFLGO54Mnk9c5Xb3T6bINCe0kU0DZS4FhZ:Kz

  Score

  10^/10

  bandookpersistencerattrojanupx

  • Bandook RAT

    Bandook is a remote access tool written in C++ and shipped with a loader written in Delphi.

    rattrojanbandook

  • Bandook payload

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2