General

  • Target

    Profresca_Factura.exe

  • Size

    15.6MB

  • Sample

    240801-tq9vmayepj

  • MD5

    67890e34ff5481d0192a2325156d529a

  • SHA1

    10b3af966a24dc34187fdd5e527531b3bf34c244

  • SHA256

    22e2ab1e6a152237fb0cef6a0a24a8b7711c1ebb6c109625aaf85546075f5f56

  • SHA512

    a7431523ec48430fef07597eac54a61af62c57c2fe9ae99d7b633ceb3cda7b1e0ab73dddb1c5de61da24a36d70c9b59c027f797628a9d28796805a91e5306afe

  • SSDEEP

    49152:QF3eSw1ZnrHiKM2fPzVHc4sTWV0PcK7P5vPHQ9LXTKXhJ+4xPlMmL/6uDJ6gYmZa:QFuSw

Malware Config

Targets

    • Target

      Profresca_Factura.exe

    • Size

      15.6MB

    • MD5

      67890e34ff5481d0192a2325156d529a

    • SHA1

      10b3af966a24dc34187fdd5e527531b3bf34c244

    • SHA256

      22e2ab1e6a152237fb0cef6a0a24a8b7711c1ebb6c109625aaf85546075f5f56

    • SHA512

      a7431523ec48430fef07597eac54a61af62c57c2fe9ae99d7b633ceb3cda7b1e0ab73dddb1c5de61da24a36d70c9b59c027f797628a9d28796805a91e5306afe

    • SSDEEP

      49152:QF3eSw1ZnrHiKM2fPzVHc4sTWV0PcK7P5vPHQ9LXTKXhJ+4xPlMmL/6uDJ6gYmZa:QFuSw

    • Bandook RAT

      Bandook is a remote access tool written in C++ and shipped with a loader written in Delphi.

    • Bandook payload

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks