Overview

overview

10

Static

static

1

RECIBO DE ...58.exe

windows10-1703-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    RECIBO DE PAGO #4858.exe

  • Size

    2.9MB

  • Sample

    230413-s61q8adg2v

  • MD5

    e751c63b9d44912e8d728c4b42ff781f

  • SHA1

    5d8617c3fcf7bc47f9e2d766b6d5e745a66e6535

  • SHA256

    fa810720c2221e423174525d355252264f79ef9492f9050ed9504d0e33a24b1e

  • SHA512

    607862f082f977dffb3ed51e0b7668c560a7b1d6afb7ad6fa73cfb227e6886f4be25f3479bee2983f7f17c49cfcb594dfea9859f32eff665d00474e2e3efa834

  • SSDEEP

    49152:fm1oRufNhy88P/iIXW2VJXmvj1G/LWlisw3hs:fmcufi8b

Score
10/10
bandookpersistencerattrojanupx

Malware Config

Extracted

Family

bandook

C2

deapproved.ru

Targets

    • Target

      RECIBO DE PAGO #4858.exe

    • Size

      2.9MB

    • MD5

      e751c63b9d44912e8d728c4b42ff781f

    • SHA1

      5d8617c3fcf7bc47f9e2d766b6d5e745a66e6535

    • SHA256

      fa810720c2221e423174525d355252264f79ef9492f9050ed9504d0e33a24b1e

    • SHA512

      607862f082f977dffb3ed51e0b7668c560a7b1d6afb7ad6fa73cfb227e6886f4be25f3479bee2983f7f17c49cfcb594dfea9859f32eff665d00474e2e3efa834

    • SSDEEP

      49152:fm1oRufNhy88P/iIXW2VJXmvj1G/LWlisw3hs:fmcufi8b

    Score
    10/10
    bandookpersistencerattrojanupx

    • Bandook RAT

      Bandook is a remote access tool written in C++ and shipped with a loader written in Delphi.

      rattrojanbandook

    • Bandook payload

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Adds Run key to start application

      persistence
    behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

2
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks