Extracted

• • Target

    4f1923485e8cdd052467d335a6384f93cd1d50b5d927aea471e56290be29ffa3.exe

  • Size

    977KB

  • MD5

    f000ca9522aafa0c54b863528228a43b

  • SHA1

    c636e88b9e8079ba086f5cdb132fa39e747d0f23

  • SHA256

    4f1923485e8cdd052467d335a6384f93cd1d50b5d927aea471e56290be29ffa3

  • SHA512

    ccbb478d676a3c6f1355ab30933196c5bf41b64b613e8efe661546c238700ce2aec340390af9069c303a43bc7c4f41400c418920041cf4967c6e02b272ef372d

  • SSDEEP

    24576:2ZcgQmXNGZQFXu+pcUKR9ZS2hWN8ow/hvdY/:2ZBgZRZUwJ

  Score

  10^/10

  bandookrattrojanpersistence

  • Bandook RAT

    Bandook is a remote access tool written in C++ and shipped with a loader written in Delphi.

    rattrojanbandook

  • Bandook payload

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2