bandook | 83b4e3a3f52a7fae6ca3ca2a955a6e1b13e9769248cb75b8561b5d60c26a18a0 | Triage

Submit
Reports

Overview

overview

Static

static

1

Envio de pago.exe

windows7-x64

Envio de pago.exe

windows10-2004-x64

Sharing

General

Target

Envio de pago.exe
Size

5.9MB
Sample

230622-qe7dksfg91
MD5

186de479f8aaff2ed18aac1acf54b591
SHA1

84c43ddbd5eed1dac30374ac44cebb0adf1b52e8
SHA256

83b4e3a3f52a7fae6ca3ca2a955a6e1b13e9769248cb75b8561b5d60c26a18a0
SHA512

e88821331ff02e0b96769e9314291f920a0bb8d04bc7224dcd5638c3e11247203ed9d00ddbcd02e32368ef36175593fd475f50191092b65e1befd0544fe32c48
SSDEEP

49152:JFQPSP5e1ObxxpYflUaqtuu49nVaD/4H0lzDvQFEqLuhXJxs9Rp0D5zKDOmaQShr:JaPfe

Score

10^/10

bandook rat trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

Envio de pago.exe

Resource

win7-20230621-en

bandook rat trojan upx

windows7-x64

5 signatures

600 seconds

Behavioral task

behavioral2

Sample

Envio de pago.exe

Resource

win10v2004-20230621-en

bandook rat trojan upx

windows10-2004-x64

5 signatures

600 seconds

Malware Config

Extracted

Family

bandook

C2

humut.su

Targets

- Target
  
  Envio de pago.exe
- Size
  
  5.9MB
- MD5
  
  186de479f8aaff2ed18aac1acf54b591
- SHA1
  
  84c43ddbd5eed1dac30374ac44cebb0adf1b52e8
- SHA256
  
  83b4e3a3f52a7fae6ca3ca2a955a6e1b13e9769248cb75b8561b5d60c26a18a0
- SHA512
  
  e88821331ff02e0b96769e9314291f920a0bb8d04bc7224dcd5638c3e11247203ed9d00ddbcd02e32368ef36175593fd475f50191092b65e1befd0544fe32c48
- SSDEEP
  
  49152:JFQPSP5e1ObxxpYflUaqtuu49nVaD/4H0lzDvQFEqLuhXJxs9Rp0D5zKDOmaQShr:JaPfe
Score

10^/10

bandook rat trojan upx
- Bandook RAT
  Bandook is a remote access tool written in C++ and shipped with a loader written in Delphi.
  rat trojan bandook
- Bandook payload
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

bandookrattrojanupx

behavioral2

bandookrattrojanupx

© 2018-2024

Terms | Privacy