bandook | fa810720c2221e423174525d355252264f79ef9492f9050ed9504d0e33a24b1e | Triage

Submit
Reports

Overview

overview

Static

static

1

RECIBO DE ...58.exe

windows10-1703-x64

Sharing

General

Target

RECIBO DE PAGO #4858.exe
Size

2.9MB
Sample

230413-s61q8adg2v
MD5

e751c63b9d44912e8d728c4b42ff781f
SHA1

5d8617c3fcf7bc47f9e2d766b6d5e745a66e6535
SHA256

fa810720c2221e423174525d355252264f79ef9492f9050ed9504d0e33a24b1e
SHA512

607862f082f977dffb3ed51e0b7668c560a7b1d6afb7ad6fa73cfb227e6886f4be25f3479bee2983f7f17c49cfcb594dfea9859f32eff665d00474e2e3efa834
SSDEEP

49152:fm1oRufNhy88P/iIXW2VJXmvj1G/LWlisw3hs:fmcufi8b

Score

10^/10

bandook persistence rat trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

RECIBO DE PAGO #4858.exe

Resource

win10-20230220-en

bandook persistence rat trojan upx

windows10-1703-x64

9 signatures

600 seconds

Malware Config

Extracted

Family

bandook

C2

deapproved.ru

Targets

- Target
  
  RECIBO DE PAGO #4858.exe
- Size
  
  2.9MB
- MD5
  
  e751c63b9d44912e8d728c4b42ff781f
- SHA1
  
  5d8617c3fcf7bc47f9e2d766b6d5e745a66e6535
- SHA256
  
  fa810720c2221e423174525d355252264f79ef9492f9050ed9504d0e33a24b1e
- SHA512
  
  607862f082f977dffb3ed51e0b7668c560a7b1d6afb7ad6fa73cfb227e6886f4be25f3479bee2983f7f17c49cfcb594dfea9859f32eff665d00474e2e3efa834
- SSDEEP
  
  49152:fm1oRufNhy88P/iIXW2VJXmvj1G/LWlisw3hs:fmcufi8b
Score

10^/10

bandook persistence rat trojan upx
- Bandook RAT
  Bandook is a remote access tool written in C++ and shipped with a loader written in Delphi.
  rat trojan bandook
- Bandook payload
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bandookpersistencerattrojanupx

© 2018-2025

Terms | Privacy