bandook | 8f1ede8e647860581f1baa5f3c5eed5d4e8bbfd64ddfe896f9a92106d1ef19f3 | Triage

Submit
Reports

Overview

overview

Static

static

3

b7edddb3d7...0N.exe

windows7-x64

b7edddb3d7...0N.exe

windows10-2004-x64

Sharing

General

Target

b7edddb3d7041c22515c911b667c0150N.exe
Size

1.2MB
Sample

240817-wx64essekq
MD5

b7edddb3d7041c22515c911b667c0150
SHA1

3281cf78a8584b1498c064be10d3418bd221b29c
SHA256

8f1ede8e647860581f1baa5f3c5eed5d4e8bbfd64ddfe896f9a92106d1ef19f3
SHA512

f2a10053bcfffdbf14c7042b069369551e0b974d9524ac4e9ad70656a510e59b095acf391d3660b448da4059ad33537e48a90243df8a70967cfb4edfa7b7c46a
SSDEEP

24576:2ryExVz6NBWgLSffv5b8zJE8WipL5Nbs85ak:24aF8KiZ5u

Score

10^/10

bandook discovery persistence rat trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

b7edddb3d7041c22515c911b667c0150N.exe

Resource

win7-20240704-en

bandook discovery persistence rat trojan

windows7-x64

7 signatures

120 seconds

Behavioral task

behavioral2

Sample

b7edddb3d7041c22515c911b667c0150N.exe

Resource

win10v2004-20240802-en

bandook discovery persistence rat trojan

windows10-2004-x64

6 signatures

120 seconds

Malware Config

Extracted

Family

bandook

C2

ezeigbo.ddns.net

Targets

- Target
  
  b7edddb3d7041c22515c911b667c0150N.exe
- Size
  
  1.2MB
- MD5
  
  b7edddb3d7041c22515c911b667c0150
- SHA1
  
  3281cf78a8584b1498c064be10d3418bd221b29c
- SHA256
  
  8f1ede8e647860581f1baa5f3c5eed5d4e8bbfd64ddfe896f9a92106d1ef19f3
- SHA512
  
  f2a10053bcfffdbf14c7042b069369551e0b974d9524ac4e9ad70656a510e59b095acf391d3660b448da4059ad33537e48a90243df8a70967cfb4edfa7b7c46a
- SSDEEP
  
  24576:2ryExVz6NBWgLSffv5b8zJE8WipL5Nbs85ak:24aF8KiZ5u
Score

10^/10

bandook discovery persistence rat trojan
- Bandook RAT
  Bandook is a remote access tool written in C++ and shipped with a loader written in Delphi.
  rat trojan bandook
- Bandook payload
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bandookdiscoverypersistencerattrojan

behavioral2

bandookdiscoverypersistencerattrojan

© 2018-2025

Terms | Privacy