bandook | 34bc03f62cce398c53c910f9c2c3aae2d081417a82f744c09426ff29525eda82 | Triage

Submit
Reports

Overview

overview

Static

static

1

REPORTE DE PAGO-1.exe

windows7-x64

REPORTE DE PAGO-1.exe

windows10-2004-x64

Sharing

General

Target

REPORTE DE PAGO-1.exe
Size

2.6MB
Sample

230430-ka8sysah4z
MD5

ef51568300ae7e7c78e27e5503a4f955
SHA1

c54415dadc7fa711122d92963d9d3823637b2b99
SHA256

34bc03f62cce398c53c910f9c2c3aae2d081417a82f744c09426ff29525eda82
SHA512

f18c10e979d7a962cd38dd399bed1258b429adc92ca19c38788691a8f851efbfebdcadd7c600b64573b34b7e12c67140862d91304251fc0e9b1a25106cafec88
SSDEEP

49152:RfEMHawa0Tns5D2b0+XFUlJ1qVNVWDawSmpwjw2e:Rq

Score

10^/10

bandook rat trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

REPORTE DE PAGO-1.exe

Resource

win7-20230220-en

bandook rat trojan upx

windows7-x64

5 signatures

300 seconds

Behavioral task

behavioral2

Sample

REPORTE DE PAGO-1.exe

Resource

win10v2004-20230220-en

bandook rat trojan upx

windows10-2004-x64

5 signatures

300 seconds

Malware Config

Extracted

Family

bandook

C2

deapproved.ru

Targets

- Target
  
  REPORTE DE PAGO-1.exe
- Size
  
  2.6MB
- MD5
  
  ef51568300ae7e7c78e27e5503a4f955
- SHA1
  
  c54415dadc7fa711122d92963d9d3823637b2b99
- SHA256
  
  34bc03f62cce398c53c910f9c2c3aae2d081417a82f744c09426ff29525eda82
- SHA512
  
  f18c10e979d7a962cd38dd399bed1258b429adc92ca19c38788691a8f851efbfebdcadd7c600b64573b34b7e12c67140862d91304251fc0e9b1a25106cafec88
- SSDEEP
  
  49152:RfEMHawa0Tns5D2b0+XFUlJ1qVNVWDawSmpwjw2e:Rq
Score

10^/10

bandook rat trojan upx
- Bandook RAT
  Bandook is a remote access tool written in C++ and shipped with a loader written in Delphi.
  rat trojan bandook
- Bandook payload
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

bandookrattrojanupx

behavioral2

bandookrattrojanupx

© 2018-2024

Terms | Privacy