Overview

overview

10

Static

static

1

Factura_de_Cobro.exe

windows7-x64

1

Factura_de_Cobro.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Factura_de_Cobro.exe

  • Size

    2.5MB

  • Sample

    230412-zahdbseh87

  • MD5

    8a3525f81e5b34ad2962b0aadae1fd65

  • SHA1

    20d1958a0ecb408150a64e98283844001d9f0cc8

  • SHA256

    6b0d9009acc0fc79503a312aaf7d5c77a32d3e5cfb1eeb4e2d4d29ebf5d297df

  • SHA512

    d6f4c18e841fe4d09311cf70646dec4174be79832970c91a195c4982940a0955c67d279deda36f3f7b3ff876023ecb3d7af8f6e18b4472bcb47056ed895aed37

  • SSDEEP

    49152:YOqafT7Opi8X91QNN028AMwLihFwwtjwUs:YE

Score
10/10
bandookrattrojanupx

Malware Config

Extracted

Family

bandook

C2

gombos.ru

Targets

    • Target

      Factura_de_Cobro.exe

    • Size

      2.5MB

    • MD5

      8a3525f81e5b34ad2962b0aadae1fd65

    • SHA1

      20d1958a0ecb408150a64e98283844001d9f0cc8

    • SHA256

      6b0d9009acc0fc79503a312aaf7d5c77a32d3e5cfb1eeb4e2d4d29ebf5d297df

    • SHA512

      d6f4c18e841fe4d09311cf70646dec4174be79832970c91a195c4982940a0955c67d279deda36f3f7b3ff876023ecb3d7af8f6e18b4472bcb47056ed895aed37

    • SSDEEP

      49152:YOqafT7Opi8X91QNN028AMwLihFwwtjwUs:YE

    Score
    10/10
    bandookrattrojanupx

    • Bandook RAT

      Bandook is a remote access tool written in C++ and shipped with a loader written in Delphi.

      rattrojanbandook

    • Bandook payload

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks