General

  • Target

    ORDEN_DE_PEDIDO.exe

  • Size

    3.2MB

  • Sample

    230430-j94slsah3z

  • MD5

    73121e22d29f8c1e7dc8812d8c704bf1

  • SHA1

    ea6e1db1c3487d7adf490f3b4c62041443509b0b

  • SHA256

    c7b44c11a21fd0de396590e3a9c704477ec55fa81fea002f7134131256f9e6a4

  • SHA512

    db382e1e446f6bdb471a7b0e3e28c489686937d673b2e7c14a882838493f5924eeb6d3dc919838cac7699fc39a3a7a378ff651a67edeec4a843640719a7693a4

  • SSDEEP

    24576:NnwuSOoLI7bugMt4K33Q3UEQDdrV3XgPz4Tgfe0ybZdF7W1TaPrs+r+Ij1q9SWAe:Nb+zL4DQdgkUTw/UWPmfT5zzeFC98u

Score
10/10

Malware Config

Extracted

Family

bandook

C2

deapproved.ru

Targets

    • Target

      ORDEN_DE_PEDIDO.exe

    • Bandook RAT

      Bandook is a remote access tool written in C++ and shipped with a loader written in Delphi.

    • Bandook payload

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Matrix

Tasks