Overview

overview

10

Static

static

1

1TICKET DE PAGO-1.exe

windows7-x64

10

1TICKET DE PAGO-1.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    1TICKET DE PAGO-1.exe

  • Size

    2.6MB

  • Sample

    230430-j7ytksag9w

  • MD5

    28046d56faf2aff81e4c73b931fc71a5

  • SHA1

    d59eb0e33eec58cd471baa8b4809c5eb9e7c600f

  • SHA256

    c85634a966ed514c57f705744972f777ffb3d7c91d07472d013f5bf39ab2485b

  • SHA512

    dcbc631affce860e14aa613cc33393ceafcce60fe8dec4aa4e9244ae5785cfd4d4b78a24c5028e8656f4ceb47b20d836aadbcd85f44a2e8897fb5fb79217507d

  • SSDEEP

    24576:7QvIbnxx7gup2l14MzLonLp+9ekwv8IgGQpwuOcVDaeOXd4fEd003ldY632tu//X:7G28ZDekg8WOT2KIB10P1YoC

Score
10/10
bandookrattrojanupx

Malware Config

Extracted

Family

bandook

C2

deapproved.ru

Targets

    • Target

      1TICKET DE PAGO-1.exe

    • Size

      2.6MB

    • MD5

      28046d56faf2aff81e4c73b931fc71a5

    • SHA1

      d59eb0e33eec58cd471baa8b4809c5eb9e7c600f

    • SHA256

      c85634a966ed514c57f705744972f777ffb3d7c91d07472d013f5bf39ab2485b

    • SHA512

      dcbc631affce860e14aa613cc33393ceafcce60fe8dec4aa4e9244ae5785cfd4d4b78a24c5028e8656f4ceb47b20d836aadbcd85f44a2e8897fb5fb79217507d

    • SSDEEP

      24576:7QvIbnxx7gup2l14MzLonLp+9ekwv8IgGQpwuOcVDaeOXd4fEd003ldY632tu//X:7G28ZDekg8WOT2KIB10P1YoC

    Score
    10/10
    bandookrattrojanupx

    • Bandook RAT

      Bandook is a remote access tool written in C++ and shipped with a loader written in Delphi.

      rattrojanbandook

    • Bandook payload

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks