bandook | 8850d6b354a85417efa5bcc8ac2cac08f8840fafca848ef92d5267fa4e955b2f | Triage

Submit
Reports

Overview

overview

Static

static

4

COTIZACION...23.pdf

windows10-2004-x64

Resubmissions

21-10-2023 15:47

231021-s8b6msfd8t 10

21-10-2023 14:46

231021-r5ksyagf83 7

Sharing

General

Target

COTIZACION GRUPO AMA_NECER 19-10-2023.pdf
Size

107KB
Sample

231021-s8b6msfd8t
MD5

1ba1e989a14431d8a0fbea48d087ec45
SHA1

59b6f1e698f68f6a07647aa9eedea42804be6580
SHA256

8850d6b354a85417efa5bcc8ac2cac08f8840fafca848ef92d5267fa4e955b2f
SHA512

0e8ae4ec2dfe0d9e38e97ddddf55c29559c02ea66d44c7c0873bc0e61cda273d2c49fb24b528cbf9fd5203dcb90e5f0e8f88288ea5fe50c9c5b8dc8a34d62be2
SSDEEP

3072:tU+Yvdg642ZlUsVucdWjOIClE4QMIy6gvrh:tUPvd6mldu0WS10OPh

Score

10^/10

bandook link pdf persistence rat trojan upx

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

COTIZACION GRUPO AMA_NECER 19-10-2023.pdf

Resource

win10v2004-20231020-en

bandook persistence rat trojan upx

windows10-2004-x64

19 signatures

1200 seconds

Malware Config

Targets

- Target
  
  COTIZACION GRUPO AMA_NECER 19-10-2023.pdf
- Size
  
  107KB
- MD5
  
  1ba1e989a14431d8a0fbea48d087ec45
- SHA1
  
  59b6f1e698f68f6a07647aa9eedea42804be6580
- SHA256
  
  8850d6b354a85417efa5bcc8ac2cac08f8840fafca848ef92d5267fa4e955b2f
- SHA512
  
  0e8ae4ec2dfe0d9e38e97ddddf55c29559c02ea66d44c7c0873bc0e61cda273d2c49fb24b528cbf9fd5203dcb90e5f0e8f88288ea5fe50c9c5b8dc8a34d62be2
- SSDEEP
  
  3072:tU+Yvdg642ZlUsVucdWjOIClE4QMIy6gvrh:tUPvd6mldu0WS10OPh
Score

10^/10

bandook persistence rat trojan upx
- Bandook RAT
  Bandook is a remote access tool written in C++ and shipped with a loader written in Delphi.
  rat trojan bandook
- Bandook payload
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bandookpersistencerattrojanupx

© 2018-2024

Terms | Privacy