General

  • Target

    f3e180897f615a8d54fbe97faebd15e80be7358a3d4aa7ea8511a73285b3fe85.bin

  • Size

    5MB

  • Sample

    210919-n3f57acab7

  • MD5

    c7d18c4670aebfa94bfbe270f651f424

  • SHA1

    4a1c48064167fc4ad5d943a54a34785b3682da92

  • SHA256

    f3e180897f615a8d54fbe97faebd15e80be7358a3d4aa7ea8511a73285b3fe85

  • SHA512

    a125054101e7f58e0ed4f48d635959493860c8d26abca8b5c80ba50cddc47a76e787fd65291a0f42f797b958ec133cc6677e76ed49986675b91ef4e90d54c018

Malware Config

Targets

    • Target

      f3e180897f615a8d54fbe97faebd15e80be7358a3d4aa7ea8511a73285b3fe85.bin

    • Size

      5MB

    • MD5

      c7d18c4670aebfa94bfbe270f651f424

    • SHA1

      4a1c48064167fc4ad5d943a54a34785b3682da92

    • SHA256

      f3e180897f615a8d54fbe97faebd15e80be7358a3d4aa7ea8511a73285b3fe85

    • SHA512

      a125054101e7f58e0ed4f48d635959493860c8d26abca8b5c80ba50cddc47a76e787fd65291a0f42f797b958ec133cc6677e76ed49986675b91ef4e90d54c018

    • Detect Numando Payload

    • Numando

      Numando is a banking trojan/backdoor targeting Latin America which uses Youtube and Pastebin for C2 communications.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Matrix

Command and Control

    Credential Access

    Defense Evasion

    Execution

      Exfiltration

        Impact

          Initial Access

            Lateral Movement

              Privilege Escalation