bandook | 0ec125785855329c5cf9dc57e0d43c1aa9dd102068e86509321a0f96dbe5213f | Triage

Submit
Reports

Overview

overview

Static

static

1

7d4dcff5a1...cc.exe

windows10-2004-x64

Sharing

General

Target

MDE_File_Sample_4171d999ac09b358f1ecdeb7ff4bdd1fe368e8d2beab2b34d1b3a9ae165e6005.zip
Size

4.0MB
Sample

230718-y6wp6aed9v
MD5

7c1847dab4f4c7b0ca68912df702e031
SHA1

7474b9fcbb59b6cb2545bbbc5843cda247d7b259
SHA256

0ec125785855329c5cf9dc57e0d43c1aa9dd102068e86509321a0f96dbe5213f
SHA512

7958fc6b2193f0743900d19988e95156c918c4a3da40b8004e958465d1508efe86cb4ff72bf5fb02f1d41da3867638f3f6164211902a3d8c0eb3458b74da8110
SSDEEP

98304:a/DyL89+WFjwqGcU1UglcksEBDd7B5HT8r9VFNnkce+E+RFm4laG9eR+eG:ar59+WFsqGcqsE/B9T8JVzZRQ8

Score

10^/10

bandook persistence rat trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

7d4dcff5a13e4ae85a620e5bf234af39f55ce0cc.exe

Resource

win10v2004-20230703-en

bandook persistence rat trojan upx

windows10-2004-x64

6 signatures

1200 seconds

Malware Config

Extracted

Family

bandook

C2

185.10.68.52

Targets

- Target
  
  7d4dcff5a13e4ae85a620e5bf234af39f55ce0cc
- Size
  
  5.4MB
- MD5
  
  e81aef3c68dcdbd2fa9f34cdf438069d
- SHA1
  
  7d4dcff5a13e4ae85a620e5bf234af39f55ce0cc
- SHA256
  
  4171d999ac09b358f1ecdeb7ff4bdd1fe368e8d2beab2b34d1b3a9ae165e6005
- SHA512
  
  01beb65f1acd99ea753a9ac903591240960733d927fa99fce34ae411843fa2f4225212d7e901edacc137fd2c8e8a97efb54018db8ace417f258d2f8e4d19e3e2
- SSDEEP
  
  49152:XcJ48N5owU9jYLEGPsuVZe1GAMXC4ll+8iBMmARC6y+9Vsl8DW7YeQv/53TGdwiI:sq8AwIU
Score

10^/10

bandook persistence rat trojan upx
- Bandook RAT
  Bandook is a remote access tool written in C++ and shipped with a loader written in Delphi.
  rat trojan bandook
- Bandook payload
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

bandookpersistencerattrojanupx

© 2018-2024

Terms | Privacy