Extracted

• • Target

    Cancelar Factura.exe

  • Size

    2.9MB

  • MD5

    5c3cb19563848d0bee7238a6bf55abc9

  • SHA1

    766737ca6149bcd018ef7cfce49b3b90fe0325d9

  • SHA256

    c1c7a5fe3203fe7ecd6b4581a12f85803174d5e2b8df2e98cccb8a5d740b1d36

  • SHA512

    bbf31136b59edfc1c630a96e348a20d7f494e999534e19aea565ca9c2f074f27be8bac27ccf07165c5f025daa955741a131424250a543d83e6e46fed2af44341

  • SSDEEP

    49152:Ofc6jhQyaOKBcZt7MUt0dfwwWC1R9Jbl8/u5K:O062yaOt

  Score

  10^/10

  bandookpersistencerattrojanupx

  • Bandook RAT

    Bandook is a remote access tool written in C++ and shipped with a loader written in Delphi.

    rattrojanbandook

  • Bandook payload

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx

  • Adds Run key to start application

    persistence
  behavioral1behavioral2