General
-
Target
03202329.arcvfile..695876870.vbs
-
Size
12KB
-
Sample
230330-k2q28add3s
-
MD5
9f370a4d78e168070152cd7a62c93ea0
-
SHA1
924a0fb8c3cfec12f34ef6f782bcd95734d36f15
-
SHA256
a9f9baa69dd0b15747c01aa676052b3de1f173f5da7928b8816a7c8779065358
-
SHA512
34b089925845fb69082b0f00eea3ecf6399cc7d16ca37a3b19616226f05a599d6c1629ec2db5e120f80f11913138bdb53a49a7ec000dbd667e2d0f1fa18e9c39
-
SSDEEP
384:50SN0S20S20S20S20S20SK1y0S20SCu+JK1Q:50SN0S20S20S20S20S20SAy0S20SCu+v
Static task
static1
Behavioral task
behavioral1
Sample
03202329.arcvfile..695876870.vbs
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
03202329.arcvfile..695876870.vbs
Resource
win10v2004-20230220-en
Malware Config
Targets
-
Target
03202329.arcvfile..695876870.vbs
-
Score
10/10
-
Detects Grandoreiro payload
-
Grandoreiro
Part of a group of banking trojans targeting Spanish- and Portuguese-speaking countries.
-
Blocklisted process makes network request
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-