General

  • Target

    Profresca_Factura.exe

  • Size

    15.6MB

  • Sample

    231208-wtl9vadcd4

  • MD5

    67890e34ff5481d0192a2325156d529a

  • SHA1

    10b3af966a24dc34187fdd5e527531b3bf34c244

  • SHA256

    22e2ab1e6a152237fb0cef6a0a24a8b7711c1ebb6c109625aaf85546075f5f56

  • SHA512

    a7431523ec48430fef07597eac54a61af62c57c2fe9ae99d7b633ceb3cda7b1e0ab73dddb1c5de61da24a36d70c9b59c027f797628a9d28796805a91e5306afe

  • SSDEEP

    49152:QF3eSw1ZnrHiKM2fPzVHc4sTWV0PcK7P5vPHQ9LXTKXhJ+4xPlMmL/6uDJ6gYmZa:QFuSw

Score
10/10

Malware Config

Targets

    • Bandook RAT

      Bandook is a remote access tool written in C++ and shipped with a loader written in Delphi.

    • Bandook payload

    • UPX packed file

      Detects executables packed with the open-source UPX packer or with a modified build of it (renamed sections, stripped version marker).

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext (the API is commonly used to redirect a suspended thread into injected code, as in process hollowing)
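
The UPX signature above is a static heuristic over the PE header. As an added example, not part of this report and not the sandbox's own detection logic, the following Python parses the PE section table by hand and combines three indicators: stock UPX section names (UPX0, UPX1, ...), the "UPX!" marker carried by the UPX stub header, and the layout tell of a first section with SizeOfRawData 0 (the virtual space the stub unpacks into), which survives even when a modified UPX renames its sections. The sample PE images are constructed inline for the demonstration and are not derived from Profresca_Factura.exe.

```python
import struct

# Section names written by a stock UPX build; a modified UPX often renames them.
UPX_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2", b"UPX3"}
# Marker the UPX stub header carries ("UPX!" followed by version/format bytes).
UPX_MAGIC = b"UPX!"


def parse_sections(pe: bytes) -> list[tuple[bytes, int, int]]:
    """Return (name, VirtualSize, SizeOfRawData) for every section header in a PE image."""
    if len(pe) < 0x40 or pe[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4                          # IMAGE_FILE_HEADER
    num_sections = struct.unpack_from("<H", pe, coff + 2)[0]
    size_of_optional = struct.unpack_from("<H", pe, coff + 16)[0]
    table = coff + 20 + size_of_optional        # IMAGE_SECTION_HEADER array
    sections = []
    for i in range(num_sections):
        off = table + i * 40
        if off + 40 > len(pe):
            break                                # truncated section table
        name, vsize, _va, rawsize = struct.unpack_from("<8sIII", pe, off)
        sections.append((name.rstrip(b"\0"), vsize, rawsize))
    return sections


def classify_upx(pe: bytes) -> dict:
    """Combine three independent UPX indicators into a verdict."""
    sections = parse_sections(pe)
    upx_named = sorted(n.decode("latin-1") for n, _, _ in sections if n in UPX_SECTION_NAMES)
    has_magic = UPX_MAGIC in pe                  # coarse: any "UPX!" bytes in the file
    # UPX layout: the first section is pure virtual space (raw size 0) that the
    # stub decompresses into at run time. Renaming sections does not change this.
    upx_layout = bool(sections) and sections[0][2] == 0 and sections[0][1] > 0
    if upx_named or has_magic:
        verdict = "upx"
    elif upx_layout:
        verdict = "possibly_modified_upx"
    else:
        verdict = "none"
    return {"upx_sections": upx_named, "upx_magic": has_magic,
            "upx_layout": upx_layout, "verdict": verdict}


def build_sample_pe(sections, trailer: bytes = b"") -> bytes:
    """Build a minimal, constructed PE32 header (not a runnable executable) for testing."""
    dos = b"MZ" + bytes(0x3C - 2) + struct.pack("<I", 0x40)     # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 0xE0, 0x0102)
    optional = struct.pack("<H", 0x10B) + bytes(0xE0 - 2)       # PE32 magic, rest zeroed
    table = b"".join(
        struct.pack("<8sIIIIIIHHI", name, vsize, 0x1000, rawsize, 0, 0, 0, 0, 0, 0x60000020)
        for name, vsize, rawsize in sections
    )
    return dos + b"PE\0\0" + coff + optional + table + trailer


# Constructed samples: stock UPX, UPX with renamed sections and no marker, and a plain binary.
STOCK_UPX = build_sample_pe(
    [(b"UPX0", 0x10000, 0), (b"UPX1", 0x5000, 0x5000), (b".rsrc", 0x1000, 0x200)],
    trailer=UPX_MAGIC + bytes(28),
)
RENAMED_UPX = build_sample_pe(
    [(b".text", 0x10000, 0), (b".data", 0x5000, 0x5000), (b".rsrc", 0x1000, 0x200)]
)
CLEAN = build_sample_pe([(b".text", 0x3000, 0x3000), (b".data", 0x1000, 0x200)])

if __name__ == "__main__":
    for label, sample in (("stock", STOCK_UPX), ("renamed", RENAMED_UPX), ("clean", CLEAN)):
        print(label, classify_upx(sample))
```

The layout check is what separates a modified UPX from a stock one in practice: section names and the "UPX!" marker are trivial to strip, but the stub still needs an empty first section to unpack into. Treat "possibly_modified_upx" as a lead for unpacking, not a conviction; packing alone is not malicious.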

MITRE ATT&CK Matrix ATT&CK v13

Tasks