bandook | 7d28407543d33ecb43a31a7c5657a5cda688a50a13fb3c734abad73eac58bc46 | Triage

Submit
Reports

Overview

overview

Static

static

1

FACTURA AB...65.exe

windows7-x64

FACTURA AB...65.exe

windows10-2004-x64

Sharing

General

Target

FACTURA ABONADA #F10565.exe
Size

2.9MB
Sample

230430-j881yahb23
MD5

2431b8b825da65026210fd80faf9414b
SHA1

738e46b2c39a1b30b07032f447335873fef37093
SHA256

7d28407543d33ecb43a31a7c5657a5cda688a50a13fb3c734abad73eac58bc46
SHA512

7685f7d273063530a5fd27eb94f28e78218da74f14c3222a76eb772faf68835bf44ead5fcf7aca351f604db05c76e5cfd8165ace835e72bff78c597b900c429c
SSDEEP

49152:bbQ/ZD8sYKiqhEcByJAwhryhoM04AVCDgNM4RpmQ:bbiD8/

Score

10^/10

bandook rat trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

FACTURA ABONADA #F10565.exe

Resource

win7-20230220-en

bandook rat trojan upx

windows7-x64

5 signatures

300 seconds

Behavioral task

behavioral2

Sample

FACTURA ABONADA #F10565.exe

Resource

win10v2004-20230220-en

bandook rat trojan upx

windows10-2004-x64

5 signatures

300 seconds

Malware Config

Extracted

Family

bandook

C2

deapproved.ru

Targets

- Target
  
  FACTURA ABONADA #F10565.exe
- Size
  
  2.9MB
- MD5
  
  2431b8b825da65026210fd80faf9414b
- SHA1
  
  738e46b2c39a1b30b07032f447335873fef37093
- SHA256
  
  7d28407543d33ecb43a31a7c5657a5cda688a50a13fb3c734abad73eac58bc46
- SHA512
  
  7685f7d273063530a5fd27eb94f28e78218da74f14c3222a76eb772faf68835bf44ead5fcf7aca351f604db05c76e5cfd8165ace835e72bff78c597b900c429c
- SSDEEP
  
  49152:bbQ/ZD8sYKiqhEcByJAwhryhoM04AVCDgNM4RpmQ:bbiD8/
Score

10^/10

bandook rat trojan upx
- Bandook RAT
  Bandook is a remote access tool written in C++ and shipped with a loader written in Delphi.
  rat trojan bandook
- Bandook payload
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

bandookrattrojanupx

behavioral2

bandookrattrojanupx

© 2018-2024

Terms | Privacy