Overview

overview

10

Static

static

10

Adkflgog.exe

windows7-x64

Sharing

Copy URL
Twitter E-mail

General

  • Target

    220521-p5wjbsgfg5_pw_infected.zip

  • Size

    5.6MB

  • Sample

    230329-retcdsgf36

  • MD5

    4ca75382f363662dd5aca2fcd296ae05

  • SHA1

    06fd790d4b2725adf918640ca7ceed5f33f7c46e

  • SHA256

    9555dca4e729984349b39bbd5d21042dc586dd7b081a07c2d6fdc7227818f1e4

  • SHA512

    ed9fda1c73429e2f653e450a68faea472f7f0b97c51cdb672089288e654dc76b03d80de2c78b93d1e790dc1349c8f9d434ad904d58c8b27f0df07546d823e969

  • SSDEEP

    98304:kxB2QeIbKCMd1ufP3648VrTFdlbg0d4sGJJi8v97aZBkQ9bEAB1CkltwPnF+B1lf:a2Qe1XPs36461dZa5v97ABkQ9bCkl6AZ

Score
10/10
grandoreirobankerpersistencetrojan

Malware Config

Targets

    • Target

      Adkflgog.exe

    • Size

      193.1MB

    • MD5

      97a5caa44ad8eb614b98707ff6f32d72

    • SHA1

      2546d75510b3bdc031277a50f5fa230514bd32e9

    • SHA256

      7e52fc679c8ca6e2e670598bd60263dbd5bebe4a37ae2ed03834a44acaa4f680

    • SHA512

      5b5fa170e3802542bfa540ec2939b3687110903eb57fd08c2e3bf0ae90d103ff0d6fcf33d65013c87b2ee39d5bb8a8c6afe4c42f2e2d49d2ed3ebc01f72c89d3

    • SSDEEP

      49152:BmN/STYpKg0fIjwbYRaY9AVFsU/FjX7LIGII11UgegV5Y0WTJo0qudB6ipq3zIVw:BmA9gGqXa8U3brRtsNxDmu1XuUO3

    Score
    10/10
    grandoreirobankerpersistencetrojan

    • Detects Grandoreiro payload

    • Grandoreiro

      Part of a group of banking trojans, targeting Spanish and Portuguese speaking countries.

      trojanbankergrandoreiro

    • Adds Run key to start application

      persistence
    behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks