grandoreiro | 4c6783e8930c1638fdc343a9ceef0362a5444c00facb2ff66929a30c98faeaf6 | Triage

Resubmissions

06/04/2023, 22:57

230406-2xhzgshe4v 10

13/03/2023, 11:48

230313-nypa1acc6t 6

01/06/2022, 05:36

220601-gaj8taabgn 6

Sharing

General

Target

VUJJJFwwwLFLF-june.zip
Size

6.6MB
Sample

230406-2xhzgshe4v
MD5

826e9eb095fd5c1474bd43f5c2999c69
SHA1

62dcff5d087d7d4a4d1aae80a6db90bc3af01e58
SHA256

4c6783e8930c1638fdc343a9ceef0362a5444c00facb2ff66929a30c98faeaf6
SHA512

8f22a338a1d8a5a87253d3927fa6e254bc36382c95d295f57047096268aa0224c92a4f1d6698c75e4c954c6b2a6e368229a38c8e51b76d8daa60d216f5adeb55
SSDEEP

196608:iBEFF/wQZm7wPx9qVY4Yi6Ttodu6fV7NfnLZHdpV9AA9n:tKwpoY4UGu6fV7NP9Hzf3Z

Score

10^/10

grandoreiro banker persistence trojan

Malware Config

Targets

- Target
  
  dbghelp.dll
- Size
  
  279.4MB
- MD5
  
  bbf1db814dff85430df3bd3eff4a6a84
- SHA1
  
  3aea02e4d39223ff028f426d57960a848fecfda8
- SHA256
  
  04e298d4778c1f8bb0822740dde7cca5149b6b302b3866ec999331cebebb5eeb
- SHA512
  
  3062aa67fef0e290c9536b052fc41dd035485129245789cd090655015b0d51dc6bd5c99163921f42b109c1ee772bdc40e7903a40da93c901005dee619bfafa7b
- SSDEEP
  
  49152:4PJFykSdw6u0oYbRqFB1waaq3fGzGr4ymGISaO1TeTYyl:4PJFydy6ugoBKaaq94veHc
Score

10^/10

grandoreiro banker trojan
- Detects Grandoreiro payload
- Grandoreiro
  Part of a group of banking trojans, targeting Spanish and Portuguese speaking countries.
  trojan banker grandoreiro
behavioral1 behavioral2
- Target
  
  uires.dll
- Size
  
  11.2MB
- MD5
  
  72759c77ca4b837fdc3927372b300f56
- SHA1
  
  be3bebab8db0087d92316b5f54b5aaf5f51fbf46
- SHA256
  
  0283eebeda2c6554a39d77ab8b1507a1d6393e5a04f7a4de0d2ed9ab5c63f648
- SHA512
  
  20781990e9a5f6d5c96ff66d5bd2fd115c50747037f483cf9dfb071220e1579a5610a62d3d2f90d3ee3e8ce610c0827fade4ebf4414722452c2d4d8097a3f7ff
- SSDEEP
  
  98304:n388888888888888888888XS888888888888hCaeo4cRE7QvY2muJFqUte:nfmeTx7QvY2mwe
Score

1^/10
behavioral3 behavioral4
- Target
  
  umvg6yh.exe
- Size
  
  908KB
- MD5
  
  8d7868c9914191945e5e81ac80c5d4bd
- SHA1
  
  5dd0b062dda3991c09e439f0688ba94004573d6e
- SHA256
  
  9428536f635ecadaca9288fa0150e92bdcdac7fe8de03e419e032ab0664c86fa
- SHA512
  
  e661f3faea4fc630e07574f8ae51eb7e83085b805b90d6c10bdf6ddcd92f76df76b52245b4f56a37d5e0c784ca34d0ef9da1404cd80f55ff914fe19dc28be154
- SSDEEP
  
  24576:E51/lMf8oA/XOM7ISaqUt3OQmA8t3FEOixMOMRJ1j2Ta:M9lXOM7ISaqUxDmA8t1Li/MRJp2Ta
Score

10^/10

grandoreiro banker persistence trojan
- Detects Grandoreiro payload
- Grandoreiro
  Part of a group of banking trojans, targeting Spanish and Portuguese speaking countries.
  trojan banker grandoreiro
- Adds Run key to start application
  persistence
behavioral5 behavioral6
- Target
  
  zlibai.dll
- Size
  
  162KB
- MD5
  
  cc2c7c9cdd4d7c1904458fdd944b0bb0
- SHA1
  
  aadc8a089d1288e91e6ba9e095d37d30de3bbb18
- SHA256
  
  3f74387ec609daca8ec6a0c5a6986f39853a77ab7c414e6d6f950d285ca51f38
- SHA512
  
  19714b6d2c77344a8b2487991bec1c30737504d1a2a7587a973788f86b5d08c42e1c0150e3ef3b668768dbc5c589657d9f3d2708f063e59d20368fea1b4b0235
- SSDEEP
  
  3072:nz7juJ0oLsGmNc1C+zvDRKJwtjHFyN55UCnW7J5rrS19hsy/TBfhv6OpR7LoG:nXjuFrmNcoq1bAj5U71SFTBpv6eFLoG
Score

3^/10
behavioral7 behavioral8

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

grandoreirobankertrojan

behavioral2

grandoreirobankertrojan

behavioral3

behavioral4

behavioral5

grandoreirobankerpersistencetrojan

behavioral6

grandoreirobankerpersistencetrojan

behavioral7

behavioral8