General
Target: Test.Zip.zip
Size: 22.7MB
Sample: 230330-lhmfcsdd9w
MD5: cfdb15ef5c8a1c3c85b10b6846aebd04
SHA1: 9c5aa7dab14157310f1a4d8dc403c5f4febc4072
SHA256: 3810d9472973ebfc636f39c290dd4ba21aa87beb926aab38b967ae3299518a81
SHA512: ccacbc7985ff70a8cbd2968788457a738cc0790bedb5de730f8457d4cc19e26d1a20ebff08ce1c14e63bff416edddf106d4f4df14382fb480394d729c034378e
SSDEEP: 393216:vUnI+rJ2YNb4wNwNGf/Qw3i2msapFRvqkDMzJg3sdGAmW+9Gt0C1kG2RDQ6kLlcn:vUIeTNEwNwNGQoi2oB2Vusc9kRkG2RDr
Behavioral tasks
Task         Sample        Resource
behavioral1  HostFx.exe    win7-20230220-en
behavioral2  HostFx.exe    win10v2004-20230220-en
behavioral3  dbghelp.dll   win7-20230220-en
behavioral4  dbghelp.dll   win10v2004-20230220-en
behavioral5  uires.dll     win7-20230220-en
behavioral6  uires.dll     win10v2004-20230220-en
behavioral7  zlibai.dll    win7-20230220-en
behavioral8  zlibai.dll    win10v2004-20230220-en
Malware Config
Targets

Target: HostFx.exe
Size: 2.2MB
MD5: b5485d229f8078575d639fb903b4fca7
SHA1: 6a67a6bb694df592819d398a645504b2c7a2221c
SHA256: 9625e775e955281732270b7a0fc468bef83b468be85e82e0659973aefa369782
SHA512: 5d54f343b986d33c3e7de1450d8b6386bac66a9aeb8a77b0a81652cf2592e8f85847185d6e09e8c486a224bf21eb195308be1f489bbac615bf99d5fc760d85f8
SSDEEP: 49152:br9J0M1ZNIlSM4UUFr7Nq2O3gGEK2OrIoODzc1yTLNKdtR7YNVWms0:br9J0WIlSM4w2OQDK0
Score: 10/10
Signatures:
  Detects Grandoreiro payload
  Grandoreiro: part of a group of banking trojans targeting Spanish- and Portuguese-speaking countries.
  Adds Run key to start application
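The "Adds Run key to start application" signature above is the sandbox's generic name for a write under an autostart key (HKCU/HKLM ...\Software\Microsoft\Windows\CurrentVersion\Run or RunOnce). The following detection logic is an added example, not code from the Triage report or from Grandoreiro analysis: it runs over a few constructed Sysmon EventID 13 (RegistryEvent, Value Set) records written in a flat key=value form rather than Sysmon's real XML, and flags autostart writes, rating those whose value data points into a user-writable directory as high. The value names, SIDs and paths in the sample records are illustrative assumptions, not indicators from the report.

```python
"""Flag Run-key persistence in Sysmon registry telemetry.

Added example; not part of the sandbox report. Sysmon logs registry value
writes as EventID 13 (RegistryEvent, Value Set). The records below are
constructed for the demo in a flat 'key=value|key=value' form rather than
Sysmon's real XML; value names, paths and SIDs are illustrative and are not
indicators taken from the report.
"""
import re
from dataclasses import dataclass

# Autostart subkeys under ...\Software\Microsoft\Windows\CurrentVersion\
RUN_KEY_RE = re.compile(
    r"\\Microsoft\\Windows\\CurrentVersion\\(Run|RunOnce|RunServices|RunServicesOnce)\\[^\\]+$",
    re.IGNORECASE,
)

# Locations a dropped payload usually lives in; a Run value pointing here
# is far more suspicious than one pointing into Program Files.
USER_WRITABLE_RE = re.compile(
    r"\\(Users\\[^\\]+\\AppData|Users\\Public|ProgramData|Windows\\Temp)\\",
    re.IGNORECASE,
)


@dataclass(frozen=True)
class RunKeyHit:
    image: str      # process that set the value
    target: str     # full registry path of the value that was written
    details: str    # value data, i.e. the command that will autostart
    severity: str   # "high" if the data points into a user-writable path


def parse_record(line: str) -> dict:
    """Parse one constructed 'key=value|key=value' record into a dict."""
    fields = {}
    for part in line.strip().split("|"):
        key, sep, value = part.partition("=")
        if sep:
            fields[key.strip()] = value.strip()
    return fields


def find_run_key_hits(records):
    """Return a RunKeyHit for every EventID 13 SetValue under an autostart key."""
    hits = []
    for line in records:
        rec = parse_record(line)
        if rec.get("EventID") != "13" or rec.get("EventType") != "SetValue":
            continue
        target = rec.get("TargetObject", "")
        if not RUN_KEY_RE.search(target):
            continue
        details = rec.get("Details", "")
        severity = "high" if USER_WRITABLE_RE.search(details) else "medium"
        hits.append(RunKeyHit(rec.get("Image", ""), target, details, severity))
    return hits


# Constructed sample telemetry (not real events from the report).
SAMPLE_RECORDS = [
    "EventID=1|Image=C:\\Users\\alice\\Downloads\\HostFx.exe|CommandLine=HostFx.exe",
    "EventID=13|EventType=SetValue|Image=C:\\Users\\alice\\Downloads\\HostFx.exe"
    "|TargetObject=HKU\\S-1-5-21-1111-2222-3333-1001\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\Updater"
    "|Details=C:\\Users\\alice\\AppData\\Roaming\\Updater\\HostFx.exe",
    "EventID=13|EventType=SetValue|Image=C:\\Windows\\explorer.exe"
    "|TargetObject=HKU\\S-1-5-21-1111-2222-3333-1001\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Hidden"
    "|Details=DWORD (0x00000001)",
    "EventID=13|EventType=SetValue|Image=C:\\Windows\\System32\\msiexec.exe"
    "|TargetObject=HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\VendorAgent"
    "|Details=\"C:\\Program Files\\Vendor\\agent.exe\" /background",
    "EventID=12|EventType=CreateKey|Image=C:\\Windows\\regedit.exe"
    "|TargetObject=HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\Foo",
]

if __name__ == "__main__":
    for hit in find_run_key_hits(SAMPLE_RECORDS):
        print(f"[{hit.severity}] {hit.image} -> {hit.target} = {hit.details}")
```

The key-creation event (EventID 12) is deliberately ignored: persistence only takes effect once a value is set, and alerting on the value write keeps the command line that will run in the hit. The msiexec write under HKLM is still reported, at medium, because legitimate installers also populate Run keys; the user-writable-path test is what separates a dropped payload from a vendor agent in Program Files.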
Target: dbghelp.dll
Size: 1.2MB
MD5: 4003e34416ebd25e4c115d49dc15e1a7
SHA1: faf95ec65cde5bd833ce610bb8523363310ec4ad
SHA256: c06430b8cb025be506be50a756488e1bcc3827c4f45158d93e4e3eeb98ce1e4f
SHA512: 88f5d417377cd62bde417640a79b6ac493e80f0c8b1f63a99378a2a67695ef8e4a541cedb91acfa296ed608e821fee466983806f0d082ed2e74b0cd93eb4fb84
SSDEEP: 24576:9AkmijauMug/iyFzb2DfsPV8A4C2vNI1cPdf8xZLGNfav9T:9WiOuRg/iyFzb2QN83XfeYaZ
Score: 1/10
Target: uires.dll
Size: 13.0MB
MD5: 87c7411e05ff159a3707869adc9d5c01
SHA1: d147cfdc5d2ea979aa757423a0a22577c45acbe1
SHA256: 207d66dae08ca39065019355802604768b213ed2817e78bea128f136784af6a7
SHA512: a5a22ed12fa2ea7d343fa38e527fab8735924e350dd138b72e2bec4417825b8bab52e6814ced320f67030fa3a0b88afd7a50ac1714476f40d9ec54c33acae922
SSDEEP: 98304:hZ88888888888888888888X2888888888888ACTTo4HQhAR/7Qdo2mvJFqC38dG:h5gTTHQhS7Qdo2m4dG
Score: 1/10
Target: zlibai.dll
Size: 26.5MB
MD5: 1eec76d149464a0ddde558b9867ee1f2
SHA1: a46c1b1ea806e8ac7e13759dec03e63e516b3018
SHA256: fa62a8cc511d051499e8609344f7edba8bb2034f4ac732deb8fbc9599356a767
SHA512: d52c5724ff44d1e0572a158584534682918dafd9e58494e33ece75e3bca0aafcd788c20659ba667bdfac330248d9a2e7b6da75a9baac4562289a775f5a22cec0
SSDEEP: 393216:XxLQMQ9zIAcfQ4EScuKctwpCKch2iLxTaRetMfrjCA9Dt6S7Rxmj2o1Lu9AC:BqocpxpCjssMfrjCwtLRTou9A
Score: 10/10
Signatures:
  Detects Grandoreiro payload
  Grandoreiro: part of a group of banking trojans targeting Spanish- and Portuguese-speaking countries.
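The hashes in the General section and in each target entry are what ties this report to a specific set of bytes; before relying on the verdicts above, an analyst should confirm that the archive in hand and each member extracted from it match them. The script below is an added example, not code from the report or from Triage: ARCHIVE_SHA256 and REPORT_TARGETS are copied from this page (MD5 and SHA-256 only, to keep the table short; the SHA-1, SHA-512 and SSDEEP values are listed above), and it recomputes digests for every file inside a zip and reports match, mismatch, missing or unlisted per member. The zip built by build_demo_zip() is constructed with placeholder contents, so the demo run shows mismatches, which is exactly the condition the check exists to catch.

```python
"""Check that the bytes in hand match the sandbox report's hashes.

Added example; not code from the report or from Triage. ARCHIVE_SHA256 and
REPORT_TARGETS are copied from the report (MD5 and SHA-256 only). The zip
produced by build_demo_zip() is constructed placeholder data, so the demo
run reports mismatches on purpose.
"""
import hashlib
import io
import zipfile

ALGOS = ("md5", "sha1", "sha256", "sha512")

# From the report's General section (Test.Zip.zip).
ARCHIVE_SHA256 = "3810d9472973ebfc636f39c290dd4ba21aa87beb926aab38b967ae3299518a81"

# From the report's Targets section.
REPORT_TARGETS = {
    "HostFx.exe": {
        "md5": "b5485d229f8078575d639fb903b4fca7",
        "sha256": "9625e775e955281732270b7a0fc468bef83b468be85e82e0659973aefa369782",
    },
    "dbghelp.dll": {
        "md5": "4003e34416ebd25e4c115d49dc15e1a7",
        "sha256": "c06430b8cb025be506be50a756488e1bcc3827c4f45158d93e4e3eeb98ce1e4f",
    },
    "uires.dll": {
        "md5": "87c7411e05ff159a3707869adc9d5c01",
        "sha256": "207d66dae08ca39065019355802604768b213ed2817e78bea128f136784af6a7",
    },
    "zlibai.dll": {
        "md5": "1eec76d149464a0ddde558b9867ee1f2",
        "sha256": "fa62a8cc511d051499e8609344f7edba8bb2034f4ac732deb8fbc9599356a767",
    },
}


def digest_bytes(data: bytes) -> dict:
    """Hex digests of data for every algorithm in ALGOS."""
    return {name: hashlib.new(name, data).hexdigest() for name in ALGOS}


def verify_archive(zip_bytes: bytes, expected: dict, archive_sha256=None) -> dict:
    """Compare each zip member (by base name) against the expected hashes.

    Returns {name: {"status": "match"|"mismatch"|"unlisted"|"missing",
                    "mismatched": [algorithms that differ],
                    "sha256": actual digest or None}}
    plus an "__archive__" entry when archive_sha256 is given.
    """
    results = {}
    if archive_sha256 is not None:
        actual = hashlib.sha256(zip_bytes).hexdigest()
        same = actual == archive_sha256.lower()
        results["__archive__"] = {
            "status": "match" if same else "mismatch",
            "mismatched": [] if same else ["sha256"],
            "sha256": actual,
        }
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            name = info.filename.rsplit("/", 1)[-1]  # the report lists bare file names
            actual = digest_bytes(zf.read(info))
            want = expected.get(name)
            if want is None:
                results[name] = {"status": "unlisted", "mismatched": [], "sha256": actual["sha256"]}
                continue
            bad = [a for a in ALGOS if a in want and want[a].lower() != actual[a]]
            results[name] = {
                "status": "match" if not bad else "mismatch",
                "mismatched": bad,
                "sha256": actual["sha256"],
            }
    for name in expected:  # listed in the report but absent from the archive
        results.setdefault(name, {"status": "missing", "mismatched": [], "sha256": None})
    return results


def build_demo_zip(members: dict) -> bytes:
    """Build an in-memory zip from {name: bytes} (constructed test data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, data in members.items():
            zf.writestr(name, data)
    return buf.getvalue()


if __name__ == "__main__":
    # Placeholder contents: every listed member will show as a mismatch.
    demo = build_demo_zip({n: b"placeholder for " + n.encode() for n in REPORT_TARGETS})
    for name, r in verify_archive(demo, REPORT_TARGETS, ARCHIVE_SHA256).items():
        print(f"{name:12} {r['status']:8} {r['mismatched']}")
```

Members are matched on base name because the report lists bare file names; if a real archive carries the same name in two directories, the later entry overwrites the earlier one in the result, so a nested layout is worth inspecting by full path before trusting a "match". Reading members with zf.read() also means the whole file is decompressed into memory, which is fine for the sizes listed here but should be replaced by a streamed read for archives of unknown size.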