Overview

overview

10

Static

static

8

22585ab7de...6f.dll

windows7_x64

10

22585ab7de...6f.dll

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    22585ab7de35b08fde0936704c556c39f0e0d554a4522c01ec8c16777ba7bd6f

  • Size

    10.6MB

  • Sample

    220215-zj3qmaaae4

  • MD5

    2895127494f4f2c45357dfae7dda9ec6

  • SHA1

    29821030519227db7fa3c37db36b213f1c6f0a0a

  • SHA256

    22585ab7de35b08fde0936704c556c39f0e0d554a4522c01ec8c16777ba7bd6f

  • SHA512

    2a837fe1cb0a8f0a57d997f82c1f6a42704deaba07f4ec94c2e2d60743b40dc6196a251290a191f4746cc8d67cc36695e9c4c64c795591a40406701296540f42

Score
10/10
numandobackdoortrojanvmprotect

Malware Config

Targets

    • Target

      22585ab7de35b08fde0936704c556c39f0e0d554a4522c01ec8c16777ba7bd6f

    • Size

      10.6MB

    • MD5

      2895127494f4f2c45357dfae7dda9ec6

    • SHA1

      29821030519227db7fa3c37db36b213f1c6f0a0a

    • SHA256

      22585ab7de35b08fde0936704c556c39f0e0d554a4522c01ec8c16777ba7bd6f

    • SHA512

      2a837fe1cb0a8f0a57d997f82c1f6a42704deaba07f4ec94c2e2d60743b40dc6196a251290a191f4746cc8d67cc36695e9c4c64c795591a40406701296540f42

    Score
    10/10
    numandobackdoortrojanvmprotect

    • Detect Numando Payload

    • Numando

      Numando is a banking trojan/backdoor targeting Latin America which uses Youtube and Pastebin for C2 communications.

      trojanbackdoornumando

    • Suspicious use of NtCreateProcessExOtherParentProcess

    • VMProtect packed file

      Detects executables packed with VMProtect commercial packer.

      vmprotect
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks