bandook | c6cc299e6844352e287014b48ab1d2ee4963e3c19c2c108404344e0c02a204f4 | Triage

Submit
Reports

Overview

overview

Static

static

1

Factura_Ca...65.exe

windows7-x64

Factura_Ca...65.exe

windows10-2004-x64

Sharing

General

Target

Factura_Cancelada #9665.exe
Size

2.5MB
Sample

230430-j9pzfsah3y
MD5

1364bf7f610d63e3acae29a01fa7fc42
SHA1

d172088d17333c8547c887776bb202612a99cdf3
SHA256

c6cc299e6844352e287014b48ab1d2ee4963e3c19c2c108404344e0c02a204f4
SHA512

6af13f82dc2701d889ca402d25f20a1fdc564ade14fb00a57cbe4045bf509a9350decea951a6737a94a1d45a4c22786a6c8720d99f40e028eff9ff55cffbe65e
SSDEEP

24576:L1bMBO5V78tQYqSb8mvc68VQhQ1pMj0DRq+5xHsWVBYIpf8FVpE4mlTFXv/+XmJX:LbVOO16wDRN5DKBtBmzXMZhqkX9S

Score

10^/10

bandook rat trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

Factura_Cancelada #9665.exe

Resource

win7-20230220-en

bandook rat trojan upx

windows7-x64

6 signatures

300 seconds

Behavioral task

behavioral2

Sample

Factura_Cancelada #9665.exe

Resource

win10v2004-20230220-en

bandook rat trojan upx

windows10-2004-x64

5 signatures

300 seconds

Malware Config

Extracted

Family

bandook

C2

gombos.ru

Targets

- Target
  
  Factura_Cancelada #9665.exe
- Size
  
  2.5MB
- MD5
  
  1364bf7f610d63e3acae29a01fa7fc42
- SHA1
  
  d172088d17333c8547c887776bb202612a99cdf3
- SHA256
  
  c6cc299e6844352e287014b48ab1d2ee4963e3c19c2c108404344e0c02a204f4
- SHA512
  
  6af13f82dc2701d889ca402d25f20a1fdc564ade14fb00a57cbe4045bf509a9350decea951a6737a94a1d45a4c22786a6c8720d99f40e028eff9ff55cffbe65e
- SSDEEP
  
  24576:L1bMBO5V78tQYqSb8mvc68VQhQ1pMj0DRq+5xHsWVBYIpf8FVpE4mlTFXv/+XmJX:LbVOO16wDRN5DKBtBmzXMZhqkX9S
Score

10^/10

bandook rat trojan upx
- Bandook RAT
  Bandook is a remote access tool written in C++ and shipped with a loader written in Delphi.
  rat trojan bandook
- Bandook payload
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

bandookrattrojanupx

behavioral2

bandookrattrojanupx

© 2018-2024

Terms | Privacy