Resubmissions

  • 22-01-2023 19:41    230122-yeeybshe98    10

  • 22-01-2023 19:30    230122-x716lahe43    8

  • 22-01-2023 19:26    230122-x5qxvabd3t    6

General

  • Target

    phish_alert_sp2_2.0.0.0.eml

  • Size

    12KB

  • Sample

    230122-yeeybshe98

  • MD5

    a0a1d3029c6ef7f44fe7112bb59ea881

  • SHA1

    b0bf8bf1de9209b87190a4dc2d267de72685bc27

  • SHA256

    694adfef602d2ea796b3feac4cfe9ebdc0dbeb0daaee501b76df53ce0260ad6c

  • SHA512

    f1fabfa69533b20ec65bf14a3048f63f6fbf13c85e1e153b26e7b74d1111a3e916ee832ed2e9ce4e4dc6b7ec9e2290322c818add3cb0aabb65e8ae6f918e3ec6

  • SSDEEP

    192:ZIsmfIKrYS7R7j+Uvdb5fzJ5MVPFPDk28qldd5So7cbmflrhyF0KH:ismwKrYKRtvbfWDkYjd5Smcbmfl1C

Score
10/10

Malware Config

Extracted

  • Family

    bandook

  • C2

    bomes.ru

Targets

    • Target

      email-html-1.txt

    • Size

      3KB

    • MD5

      f0fe336642eeaa0c37b7094fd1494905

    • SHA1

      69e61a0c83aa7603e4b09e3070da6f17548402d6

    • SHA256

      47c1a0979af792d31e74f1159ca97836d3bf8f3ac37e2bec940aa93aa1eda6a1

    • SHA512

      b187364e4150b18ac90d306d4ba04eecdb24f16f0c06e4e42c1c36f50ecacbcc6ac10440d6575e78bdb75e92b1f5cc6a5c53a6ab5a5b24411029c011092d4886

    Score
    10/10
    • Bandook RAT

      Bandook is a remote access tool written in C++ and shipped with a loader written in Delphi.

    • Bandook payload

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

  • Discovery

    Query Registry    1    T1012

    System Information Discovery    1    T1082

  • Command and Control

    Web Service    1    T1102

Tasks