numando | e07e5f0295deb4c8a77519cf41d915046d6962db92b7e667f68267d30e0b8399 | Triage

Submit
Reports

Overview

overview

Static

static

RT.msi

windows7_x64

RT.msi

windows10_x64

Sharing

General

Target

RT.msi
Size

2.2MB
Sample

211213-3wclraeef4
MD5

55b75999aeba3ccfd5309b39d7880baa
SHA1

293a2c7cd6ab5851563d868d549e9a2dfd00842c
SHA256

e07e5f0295deb4c8a77519cf41d915046d6962db92b7e667f68267d30e0b8399
SHA512

59a8bad2040260f13ec4171e5ce6f28b04b1d6705aed4d7c9a9270c472062095bd4ec8cdc38fe962a55b8f8bc0b8f5afc4565d99f3dffee87dc12b107f9fd76f

Score

10^/10

numando backdoor persistence spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

RT.msi

Resource

win7-en-20211208

numando backdoor persistence spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

RT.msi

Resource

win10-en-20211208

numando backdoor persistence spyware stealer trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  RT.msi
- Size
  
  2.2MB
- MD5
  
  55b75999aeba3ccfd5309b39d7880baa
- SHA1
  
  293a2c7cd6ab5851563d868d549e9a2dfd00842c
- SHA256
  
  e07e5f0295deb4c8a77519cf41d915046d6962db92b7e667f68267d30e0b8399
- SHA512
  
  59a8bad2040260f13ec4171e5ce6f28b04b1d6705aed4d7c9a9270c472062095bd4ec8cdc38fe962a55b8f8bc0b8f5afc4565d99f3dffee87dc12b107f9fd76f
Score

10^/10

numando backdoor persistence spyware stealer trojan
- Detect Numando Payload
- Numando
  Numando is a banking trojan/backdoor targeting Latin America which uses Youtube and Pastebin for C2 communications.
  trojan backdoor numando
- Blocklisted process makes network request
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Web Service

Credential Access

Credentials in Files

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

numandobackdoorpersistencespywarestealertrojan

behavioral2

numandobackdoorpersistencespywarestealertrojan

© 2018-2024

Terms | Privacy