bandook | 9d2c845c497b734d8cfa74b90cbb1191fc25de53652c8b4d510a23cca75dfba7 | Triage

Submit
Reports

Overview

overview

Static

static

3

IM00114PRES.exe

windows7-x64

7

IM00114PRES.exe

windows10-2004-x64

Sharing

General

Target

IM00114PRES.exe
Size

12.0MB
Sample

231014-n4zzpaff42
MD5

0788c6ffcf438e660909c108c60984d4
SHA1

e36b267a952dbc7f3d2dc09cb087a44af43a5ae3
SHA256

9d2c845c497b734d8cfa74b90cbb1191fc25de53652c8b4d510a23cca75dfba7
SHA512

1590776a8f40ef600624e01fee8d74823793dfec059bb8fd3099629b31b5a2e189708ee298243e90ac44e27c43078ed4291a652434e003761f9dd3dcf627b69d
SSDEEP

49152:NFZaH72h213UhRjvtw2WvwMwB9ydpyn4ewRcuBaHaK0NyqZm8NPnroNygC8aCOku:NFH21

Score

10^/10

bandook rat trojan upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

IM00114PRES.exe

Resource

win7-20230831-en

windows7-x64

2 signatures

600 seconds

Behavioral task

behavioral2

Sample

IM00114PRES.exe

Resource

win10v2004-20230915-en

bandook rat trojan upx

windows10-2004-x64

5 signatures

600 seconds

Malware Config

Targets

- Target
  
  IM00114PRES.exe
- Size
  
  12.0MB
- MD5
  
  0788c6ffcf438e660909c108c60984d4
- SHA1
  
  e36b267a952dbc7f3d2dc09cb087a44af43a5ae3
- SHA256
  
  9d2c845c497b734d8cfa74b90cbb1191fc25de53652c8b4d510a23cca75dfba7
- SHA512
  
  1590776a8f40ef600624e01fee8d74823793dfec059bb8fd3099629b31b5a2e189708ee298243e90ac44e27c43078ed4291a652434e003761f9dd3dcf627b69d
- SSDEEP
  
  49152:NFZaH72h213UhRjvtw2WvwMwB9ydpyn4ewRcuBaHaK0NyqZm8NPnroNygC8aCOku:NFH21
Score

10^/10

upx bandook rat trojan
- Bandook RAT
  Bandook is a remote access tool written in C++ and shipped with a loader written in Delphi.
  rat trojan bandook
- Bandook payload
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2

bandookrattrojanupx

© 2018-2024

Terms | Privacy