General

  • Target: PRINTDOC-26042023.exe
  • Size: 1.6MB
  • Sample: 230430-kalneshb38
  • MD5: d93c9ba4398fa43ebf524019d9ae0145
  • SHA1: 665b39e8c3aaf7fbe323eabe200fbd09b3d5a2c1
  • SHA256: fa683328c33044dc03a980fd332e5634b7498d30659789e103fff5317fb39a28
  • SHA512: b3dd2745cd1b609bf6576e045355eec6db67b605d583f3a1cd064131f32716910f5ba9bf1ab390567a0af07e2cef3122315da07382c99077bc77586276b2f040
  • SSDEEP: 24576:P1bMBO5V78tQYqSBzMT4JUkvunQoyfOqmW6VF0lMNH8yb4xsDVa9gmwtUpDdl:PbVeS3MmxVnxUQcLwYDb

Score: 10/10

Malware Config

Extracted

  • Family: bandook
  • C2: gombos.ru

Targets

    • Target: PRINTDOC-26042023.exe (details as listed under General above)
    • Score: 10/10
    • Bandook RAT: Bandook is a remote access tool written in C++ and shipped with a loader written in Delphi.
    • Bandook payload
    • UPX packed file: detects executables packed with UPX or a modified build of the UPX open-source packer.
    • Suspicious use of SetThreadContext
