Overview

overview

10

Static

static

7

f47bc12383...in.dll

windows7_x64

10

f47bc12383...in.dll

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    f47bc123831a1855a959fbf51b4138683af7bbbde13ad9f164594d2aa6516791.bin

  • Size

    7.1MB

  • Sample

    210919-n3gfysefar

  • MD5

    473b4e622b982a92cba1ba8afcda8273

  • SHA1

    9a7a192b67895f63f1afdf5adf7ba2d195a17d80

  • SHA256

    f47bc123831a1855a959fbf51b4138683af7bbbde13ad9f164594d2aa6516791

  • SHA512

    bd437fa921c6e2c74d8c8aacc94daf2a560f90ad0fde54004902eb55b009bd705aa9e58e27e49e16f32f962302363e7991af59ba212be0f438909dc5be6032b0

Score
10/10
numandobackdoorevasionthemidatrojan

Malware Config

Targets

    • Target

      f47bc123831a1855a959fbf51b4138683af7bbbde13ad9f164594d2aa6516791.bin

    • Size

      7.1MB

    • MD5

      473b4e622b982a92cba1ba8afcda8273

    • SHA1

      9a7a192b67895f63f1afdf5adf7ba2d195a17d80

    • SHA256

      f47bc123831a1855a959fbf51b4138683af7bbbde13ad9f164594d2aa6516791

    • SHA512

      bd437fa921c6e2c74d8c8aacc94daf2a560f90ad0fde54004902eb55b009bd705aa9e58e27e49e16f32f962302363e7991af59ba212be0f438909dc5be6032b0

    Score
    10/10
    numandobackdoorevasionthemidatrojan

    • Detect Numando Payload

    • Numando

      Numando is a banking trojan/backdoor targeting Latin America which uses Youtube and Pastebin for C2 communications.

      trojanbackdoornumando

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      evasion

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

      themida

    • Checks whether UAC is enabled

      evasiontrojan
    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks