General

  • Target

    f47bc123831a1855a959fbf51b4138683af7bbbde13ad9f164594d2aa6516791.bin

  • Size

    7MB

  • Sample

    210919-n3gfysefar

  • MD5

    473b4e622b982a92cba1ba8afcda8273

  • SHA1

    9a7a192b67895f63f1afdf5adf7ba2d195a17d80

  • SHA256

    f47bc123831a1855a959fbf51b4138683af7bbbde13ad9f164594d2aa6516791

  • SHA512

    bd437fa921c6e2c74d8c8aacc94daf2a560f90ad0fde54004902eb55b009bd705aa9e58e27e49e16f32f962302363e7991af59ba212be0f438909dc5be6032b0

Malware Config

Targets

    • Target

      f47bc123831a1855a959fbf51b4138683af7bbbde13ad9f164594d2aa6516791.bin

    • Size

      7MB

    • MD5

      473b4e622b982a92cba1ba8afcda8273

    • SHA1

      9a7a192b67895f63f1afdf5adf7ba2d195a17d80

    • SHA256

      f47bc123831a1855a959fbf51b4138683af7bbbde13ad9f164594d2aa6516791

    • SHA512

      bd437fa921c6e2c74d8c8aacc94daf2a560f90ad0fde54004902eb55b009bd705aa9e58e27e49e16f32f962302363e7991af59ba212be0f438909dc5be6032b0

    • Detect Numando Payload

    • Numando

      Numando is a banking trojan/backdoor targeting Latin America which uses Youtube and Pastebin for C2 communications.

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Checks whether UAC is enabled

MITRE ATT&CK Matrix

Collection

    Command and Control

      Credential Access

        Execution

          Exfiltration

            Impact

              Initial Access

                Lateral Movement

                  Persistence

                    Privilege Escalation