numando | 308d07fa6ea5a3e88f7bbdcbc5d7df86efb1c39c6736ab16059d88046c99933f | Triage

Sharing

General

Target

Object.zip
Size

7.9MB
Sample

211214-j5k5psfdd5
MD5

505f30f0dc5db5515870d49b8a058c27
SHA1

3933bbddc8723d8ebfdeb5e961b9a317d11988bf
SHA256

308d07fa6ea5a3e88f7bbdcbc5d7df86efb1c39c6736ab16059d88046c99933f
SHA512

f30e0762f6eed8c1d023aa3e6b900b97ebe649befdae1982bfe84c8438f8469c6c8be6f167fd21c1b1fb67b3a08d957916c69967ce15c3c351b07790a15a312e

Score

10^/10

numando backdoor persistence spyware stealer trojan

Malware Config

Targets

- Target
  
  Object.exe
- Size
  
  1.2MB
- MD5
  
  06b1b36cd7c59cf46cd7f5d661c4da6f
- SHA1
  
  ed225d67e410c4c70a205fe969def346035ada72
- SHA256
  
  0d1882db000f8898f7598e87cefd2f1f7689524ee10b406870d1ae7a92ee775b
- SHA512
  
  6e448b9e44b57f05cc760c313d4898751afc23b2db14c4f981880e0183af67944d92ab0ad946b52d365e17ba5f2a6b2a97097450ac8a0e5c636f1c43a21d7c3a
Score

10^/10

numando backdoor persistence spyware stealer trojan
- Detect Numando Payload
- Numando
  Numando is a banking trojan/backdoor targeting Latin America which uses Youtube and Pastebin for C2 communications.
  trojan backdoor numando
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2
- Target
  
  Oleacc.dll
- Size
  
  9.0MB
- MD5
  
  96e5dabb986d4a653ba7382f14e9f4af
- SHA1
  
  2af9c00f61fd821f7dbdbd222e2ca2b1652ecca7
- SHA256
  
  e116a603ceb5d60463f54ad79b31b9a04a21b2c8afea1fb72149db2805a4d4d8
- SHA512
  
  6c37f8890ffe8a89d143e00a0e1368af1a43bd9d42025e185d879f61fe7307bce60c4055eab4da3a00cd1e13f1cb21b5b0548bae48087c960b49c3b7eb529878
Score

10^/10

numando backdoor trojan
- Detect Numando Payload
- Numando
  Numando is a banking trojan/backdoor targeting Latin America which uses Youtube and Pastebin for C2 communications.
  trojan backdoor numando
behavioral3 behavioral4
- Target
  
  libeay32.dll
- Size
  
  1.3MB
- MD5
  
  1f3d6ea5e7dab4126b5315261785408b
- SHA1
  
  5a138f31b36fa689f783bb1325a34566fa725865
- SHA256
  
  fc66f65545e6f8d875e82509bcb4ed4bd3df1869734d8f4fd206c9b7e8726499
- SHA512
  
  d37237baf8d0054c87b303758941e7180fcd40b63dea44c3e66c3e0d9bf9d23f8ea0bb47dd7cb0edb73c56e471c71520d9aaf8bbc36850e6a6ffd45bc794af48
Score

1^/10
behavioral5 behavioral6
- Target
  
  ssleay32.dll
- Size
  
  328KB
- MD5
  
  a71bb55be452a69f69a67df2fe7c4097
- SHA1
  
  d2ab6d7acf2647827155d9bd3d9d4eca57eb2fce
- SHA256
  
  ff6c7f1c9dcff3b3a90cf57a9b4341dda0d76adb9e8667b4a3f75e15a2b7a832
- SHA512
  
  d0f7342266d9f9fa34b47564181a169dcf3fb518406f418bf0622c0e1ed5d849fa4c7816c0fe1542fc41e266bf3182ed2ffa49ac8247054a0b60f96b2ba4661a
Score

1^/10
behavioral7 behavioral8

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Web Service

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

numandobackdoorpersistencespywarestealertrojan

behavioral2

numandobackdoorpersistencespywarestealertrojan

behavioral3

numandobackdoortrojan

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8