Resubmissions
26-07-2023 20:29
230726-y9p2sagd4x 10

General
- Target: página-principal
- Size: 45KB
- Sample: 230726-y9p2sagd4x
- MD5: 0ee4dfff7498f365912b544f2991928f
- SHA1: a92be3cd8fcfff5eb7707c50d8c86abb3a6951e0
- SHA256: 188357aad90355aa2b2fbd6080eeca00b35f63dcd8d4584740daf019f6be3298
- SHA512: 34e051b67ba256aceeebb7ccea0dc20885ae1990ae910996f6ceaacfbcf04861d79b961ec15377ce4b03bc01e2e4e2df73ed0631dec22f725bb65f28cf03daae
- SSDEEP: 384:YzexVkJRwmxjXzzexVALPHKi32qp8+5qz+lhkD+DHq+ViL52i4hbV1G+nm+qHQx:qeARwez3e8RjqAkoHR9y+nyS
Static task: static1

Malware Config

- Extracted: bandook
  - 185.10.68.52
Targets
- Bandook payload
- Executes dropped EXE
- Loads dropped DLL
- Registers COM server for autorun
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Legitimate hosting services abused for malware hosting/C2