grandoreiro | 3810d9472973ebfc636f39c290dd4ba21aa87beb926aab38b967ae3299518a81 | Triage

Sharing

General

Target

Test.Zip.zip
Size

22.7MB
Sample

230330-lhmfcsdd9w
MD5

cfdb15ef5c8a1c3c85b10b6846aebd04
SHA1

9c5aa7dab14157310f1a4d8dc403c5f4febc4072
SHA256

3810d9472973ebfc636f39c290dd4ba21aa87beb926aab38b967ae3299518a81
SHA512

ccacbc7985ff70a8cbd2968788457a738cc0790bedb5de730f8457d4cc19e26d1a20ebff08ce1c14e63bff416edddf106d4f4df14382fb480394d729c034378e
SSDEEP

393216:vUnI+rJ2YNb4wNwNGf/Qw3i2msapFRvqkDMzJg3sdGAmW+9Gt0C1kG2RDQ6kLlcn:vUIeTNEwNwNGQoi2oB2Vusc9kRkG2RDr

Score

10^/10

grandoreiro banker persistence trojan

Malware Config

Targets

- Target
  
  HostFx.exe
- Size
  
  2.2MB
- MD5
  
  b5485d229f8078575d639fb903b4fca7
- SHA1
  
  6a67a6bb694df592819d398a645504b2c7a2221c
- SHA256
  
  9625e775e955281732270b7a0fc468bef83b468be85e82e0659973aefa369782
- SHA512
  
  5d54f343b986d33c3e7de1450d8b6386bac66a9aeb8a77b0a81652cf2592e8f85847185d6e09e8c486a224bf21eb195308be1f489bbac615bf99d5fc760d85f8
- SSDEEP
  
  49152:br9J0M1ZNIlSM4UUFr7Nq2O3gGEK2OrIoODzc1yTLNKdtR7YNVWms0:br9J0WIlSM4w2OQDK0
Score

10^/10

grandoreiro banker persistence trojan
- Detects Grandoreiro payload
- Grandoreiro
  Part of a group of banking trojans, targeting Spanish and Portuguese speaking countries.
  trojan banker grandoreiro
- Adds Run key to start application
  persistence
behavioral1 behavioral2
- Target
  
  dbghelp.dll
- Size
  
  1.2MB
- MD5
  
  4003e34416ebd25e4c115d49dc15e1a7
- SHA1
  
  faf95ec65cde5bd833ce610bb8523363310ec4ad
- SHA256
  
  c06430b8cb025be506be50a756488e1bcc3827c4f45158d93e4e3eeb98ce1e4f
- SHA512
  
  88f5d417377cd62bde417640a79b6ac493e80f0c8b1f63a99378a2a67695ef8e4a541cedb91acfa296ed608e821fee466983806f0d082ed2e74b0cd93eb4fb84
- SSDEEP
  
  24576:9AkmijauMug/iyFzb2DfsPV8A4C2vNI1cPdf8xZLGNfav9T:9WiOuRg/iyFzb2QN83XfeYaZ
Score

1^/10
behavioral3 behavioral4
- Target
  
  uires.dll
- Size
  
  13.0MB
- MD5
  
  87c7411e05ff159a3707869adc9d5c01
- SHA1
  
  d147cfdc5d2ea979aa757423a0a22577c45acbe1
- SHA256
  
  207d66dae08ca39065019355802604768b213ed2817e78bea128f136784af6a7
- SHA512
  
  a5a22ed12fa2ea7d343fa38e527fab8735924e350dd138b72e2bec4417825b8bab52e6814ced320f67030fa3a0b88afd7a50ac1714476f40d9ec54c33acae922
- SSDEEP
  
  98304:hZ88888888888888888888X2888888888888ACTTo4HQhAR/7Qdo2mvJFqC38dG:h5gTTHQhS7Qdo2m4dG
Score

1^/10
behavioral5 behavioral6
- Target
  
  zlibai.dll
- Size
  
  26.5MB
- MD5
  
  1eec76d149464a0ddde558b9867ee1f2
- SHA1
  
  a46c1b1ea806e8ac7e13759dec03e63e516b3018
- SHA256
  
  fa62a8cc511d051499e8609344f7edba8bb2034f4ac732deb8fbc9599356a767
- SHA512
  
  d52c5724ff44d1e0572a158584534682918dafd9e58494e33ece75e3bca0aafcd788c20659ba667bdfac330248d9a2e7b6da75a9baac4562289a775f5a22cec0
- SSDEEP
  
  393216:XxLQMQ9zIAcfQ4EScuKctwpCKch2iLxTaRetMfrjCA9Dt6S7Rxmj2o1Lu9AC:BqocpxpCjssMfrjCwtLRTou9A
Score

10^/10

grandoreiro banker trojan
- Detects Grandoreiro payload
- Grandoreiro
  Part of a group of banking trojans, targeting Spanish and Portuguese speaking countries.
  trojan banker grandoreiro
behavioral7 behavioral8

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

grandoreirobankerpersistencetrojan

behavioral2

grandoreirobankerpersistencetrojan

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

grandoreirobankertrojan

behavioral8

grandoreirobankertrojan