General
Target: 35848198VFEGHN1348V318V6V135V1V8G32.MSI
Size: 2.6MB
Sample: 230406-ysy85aeh49
MD5: a8964cca3b8af152ea2491558357d163
SHA1: 76e1d1753235f4d50cadcbda844baf2727355479
SHA256: 5209df2ae7514d2552e74304a99b2fbcf3968d7e242aed603ad999da0f0e1cf4
SHA512: 04378f02907360f9d8ad2c05b4a9d46abbde1d80206a7ffd2dbc431937f55d2e5601786ce5c1aaf41e0f973332a88d57b1c9a2b3bcc52244863c66e9cbf8eb76
SSDEEP: 49152:lItsQrNEwTnOVZJYumOc/M4ffqC+GWESRWDIOFCEb0u7+8r6F5mCmR+iY4TAH:+tpOGn2wumvNffIGWiDlFCEbko6UYAA
Static task: static1
Behavioral task: behavioral1
  Sample: 35848198VFEGHN1348V318V6V135V1V8G32.msi
  Resource: win7-20230220-es
Behavioral task: behavioral2
  Sample: 35848198VFEGHN1348V318V6V135V1V8G32.msi
  Resource: win10v2004-20230220-es
Malware Config
Targets
Target: 35848198VFEGHN1348V318V6V135V1V8G32.MSI
Size: 2.6MB
Detects Grandoreiro payload
Grandoreiro: part of a group of banking trojans targeting Spanish- and Portuguese-speaking countries.
Blocklisted process makes network request
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application
Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.