General

  • Target

    Factura_electronica1.exe

  • Size

    3.6MB

  • Sample

    230430-j9nrdsah3v

  • MD5

    a3011c0542160760ba97ebccb580f65e

  • SHA1

    ebeeb94268277bd98ec89bbf05388507ba97732f

  • SHA256

    45e2535c9a8af68576fa2c10f0de90166c3fda44654e5b872f161d8d765e9cfa

  • SHA512

    e30bba3a605a372f53e2ee00073dcc524800fdf8b8cba727239f122ebb512f662b443cc42bf485e702866b80c6cc5c1766b1ccfdf2a961e568d60cc95498fc44

  • SSDEEP

    49152:daJk68QXFXG5rCm011rwmAbxLqkoM2jXCGsIf7SbxHKHtTnUkcNVuV9zwuA:dt15rr

Score
10/10

Malware Config

Extracted

Family

bandook

C2

deapproved.ru

Targets

    • Target

      Factura_electronica1.exe

    • Bandook RAT

      Bandook is a remote access tool written in C++ and shipped with a loader written in Delphi.

    • Bandook payload

    • UPX packed file

      Detects executables packed with UPX, or with a modified build of the open-source UPX packer (renamed sections, stripped "UPX!" marker).
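The two file-level signatures above (the hash match on the sample and the UPX / modified-UPX packer check) as an added Python example. This is not the sandbox's own detection code and not part of the report; the entropy threshold of 7.0 and the "empty first section followed by a high-entropy section" layout rule are this example's heuristics, and the three PE images it runs on are constructed inline, not the real sample.

```python
import hashlib
import math
import struct
import sys

# Digests as listed in the report for Factura_electronica1.exe (SHA512 omitted for brevity).
REPORT_HASHES = {
    "md5": "a3011c0542160760ba97ebccb580f65e",
    "sha1": "ebeeb94268277bd98ec89bbf05388507ba97732f",
    "sha256": "45e2535c9a8af68576fa2c10f0de90166c3fda44654e5b872f161d8d765e9cfa",
}


def hashes_of(data: bytes) -> dict:
    """Compute the same digests the report lists, so a local file can be tied to it."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in REPORT_HASHES}


def matches_report(data: bytes) -> bool:
    """True only if every listed digest matches; a single mismatch means a different file."""
    return hashes_of(data) == REPORT_HASHES


def pe_sections(data: bytes) -> list:
    """Walk the PE section table; returns (name, raw_offset, raw_size) per section."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    nsections = struct.unpack_from("<H", data, coff + 2)[0]      # IMAGE_FILE_HEADER.NumberOfSections
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]      # SizeOfOptionalHeader
    table = coff + 20 + opt_size
    sections = []
    for i in range(nsections):
        hdr = table + 40 * i
        name = data[hdr:hdr + 8].rstrip(b"\0").decode("latin-1")
        raw_size, raw_ptr = struct.unpack_from("<II", data, hdr + 16)  # SizeOfRawData, PointerToRawData
        sections.append((name, raw_ptr, raw_size))
    return sections


def entropy(chunk: bytes) -> float:
    """Shannon entropy in bits per byte; compressed or encrypted data sits near 8.0."""
    if not chunk:
        return 0.0
    n, counts = len(chunk), [0] * 256
    for b in chunk:
        counts[b] += 1
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def detect_upx(data: bytes) -> dict:
    """Stock UPX is obvious from its section names or the 'UPX!' header marker. A modified
    build that renames both is caught by its layout (heuristic, this example's own): an empty
    first section the stub unpacks into at runtime, then a high-entropy section holding the
    packed image."""
    sections = pe_sections(data)
    names = [name for name, _, _ in sections]
    stock_names = any(name.startswith("UPX") for name in names)
    marker = b"UPX!" in data
    empty_first = len(sections) >= 2 and sections[0][2] == 0
    high_entropy = [name for name, ptr, size in sections
                    if size and entropy(data[ptr:ptr + size]) > 7.0]
    if stock_names or marker:
        verdict = "upx"
    elif empty_first and sections[1][0] in high_entropy:
        verdict = "upx-modified"
    else:
        verdict = "clean"
    return {"verdict": verdict, "sections": names, "high_entropy": high_entropy}


def build_pe(section_specs, header_tail=b"") -> bytes:
    """Build a minimal PE32 image (constructed test data, not a real binary). section_specs is
    [(name, raw_bytes)]; header_tail lands right after the section table, where stock UPX keeps
    its 'UPX!' header."""
    n, e_lfanew, opt_size = len(section_specs), 0x40, 0xE0
    table = e_lfanew + 4 + 20 + opt_size
    first_raw = table + 40 * n + len(header_tail)
    hdr = bytearray(first_raw)
    hdr[:2] = b"MZ"
    struct.pack_into("<I", hdr, 0x3C, e_lfanew)
    hdr[e_lfanew:e_lfanew + 4] = b"PE\0\0"
    struct.pack_into("<HH", hdr, e_lfanew + 4, 0x14C, n)       # Machine=i386, NumberOfSections
    struct.pack_into("<H", hdr, e_lfanew + 4 + 16, opt_size)   # SizeOfOptionalHeader
    struct.pack_into("<H", hdr, e_lfanew + 24, 0x10B)          # PE32 optional-header magic
    hdr[table + 40 * n:first_raw] = header_tail
    body = b""
    for i, (name, raw) in enumerate(section_specs):
        off = table + 40 * i
        hdr[off:off + 8] = name.encode().ljust(8, b"\0")
        raw_ptr = first_raw + len(body) if raw else 0
        struct.pack_into("<IIII", hdr, off + 8, 0x1000, 0x1000 * (i + 1), len(raw), raw_ptr)
        body += raw
    return bytes(hdr) + body


# Constructed inputs: SHA-256 output stands in for a packed (high-entropy) image.
PACKED = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(128))   # 4096 bytes
PLAIN = b"\x90" * 2048 + b"Hello, world\0" * 100
SAMPLE_STOCK = build_pe([("UPX0", b""), ("UPX1", PACKED), (".rsrc", b"\0" * 64)],
                        header_tail=b"UPX!" + b"\0" * 28)
SAMPLE_MODIFIED = build_pe([(".text", b""), (".data", PACKED), (".rsrc", b"\0" * 64)])
SAMPLE_CLEAN = build_pe([(".text", PLAIN), (".data", b"\0" * 256)])

if __name__ == "__main__":
    if len(sys.argv) > 1:   # run against a real file: python upx_check.py <path>
        data = open(sys.argv[1], "rb").read()
        print("matches report:", matches_report(data), detect_upx(data))
    for label, sample in (("stock", SAMPLE_STOCK), ("modified", SAMPLE_MODIFIED), ("clean", SAMPLE_CLEAN)):
        print(label, detect_upx(sample))
```

The section-name and "UPX!" checks are cheap and exact but trivially defeated by a rebuilt packer; the layout and entropy rule survives renaming but will also fire on other packers and on legitimately compressed resources, so treat it as a triage hint to be confirmed by unpacking, not as a verdict on its own.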
