bandook | ab8d1ee87ac5dc2adb51e45588ea7934aa3a50ceb4033ac2aca4d16f320ab609 | Triage

Submit
Reports

Overview

overview

Static

static

1

Retenciones.exe

windows7-x64

Retenciones.exe

windows10-2004-x64

Sharing

General

Target

Retenciones.exe
Size

3.2MB
Sample

230430-ka8g7aah4y
MD5

6bd530a8417b6ab6b5ea0230ebe16857
SHA1

9e7cdf3192707cd06ef9626d3d1867a7e419b23e
SHA256

ab8d1ee87ac5dc2adb51e45588ea7934aa3a50ceb4033ac2aca4d16f320ab609
SHA512

8c7d0317d2112f79b062fc73bd8f45c8475dece6d624a3721e4b14d84b13eb40b4ff27259dfb5f29e129c3d714a33d12695bf134463b565beb5698d5dbe45104
SSDEEP

49152:N+Laj3TXU7Ni5AacXjIuqGvGNP0FWtK7zI70l:ULATX0

Score

10^/10

bandook rat trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

Retenciones.exe

Resource

win7-20230220-en

bandook rat trojan upx

windows7-x64

5 signatures

300 seconds

Behavioral task

behavioral2

Sample

Retenciones.exe

Resource

win10v2004-20230220-en

bandook rat trojan upx

windows10-2004-x64

5 signatures

300 seconds

Malware Config

Extracted

Family

bandook

C2

deapproved.ru

Targets

- Target
  
  Retenciones.exe
- Size
  
  3.2MB
- MD5
  
  6bd530a8417b6ab6b5ea0230ebe16857
- SHA1
  
  9e7cdf3192707cd06ef9626d3d1867a7e419b23e
- SHA256
  
  ab8d1ee87ac5dc2adb51e45588ea7934aa3a50ceb4033ac2aca4d16f320ab609
- SHA512
  
  8c7d0317d2112f79b062fc73bd8f45c8475dece6d624a3721e4b14d84b13eb40b4ff27259dfb5f29e129c3d714a33d12695bf134463b565beb5698d5dbe45104
- SSDEEP
  
  49152:N+Laj3TXU7Ni5AacXjIuqGvGNP0FWtK7zI70l:ULATX0
Score

10^/10

bandook rat trojan upx
- Bandook RAT
  Bandook is a remote access tool written in C++ and shipped with a loader written in Delphi.
  rat trojan bandook
- Bandook payload
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

bandookrattrojanupx

behavioral2

bandookrattrojanupx

© 2018-2024

Terms | Privacy