General

Target: Archivo.EndesaFactur-A4-SIMPLEX-TLLK_B23032023E294942222422244454.MSI.msi
Size: 3.0MB
Sample: 230505-wlymxadg5v
MD5: f8e3482185e2c916fc032786e676d320
SHA1: f605b599179349ec50919c521191daf718a587c8
SHA256: 3e033ac5385c7a77ef87090674c19061d8fce08a48d451d78a03d32eda516243
SHA512: 1024136d4fbcfe68de382d22fb160b16ed9a95e54ccf240a0a09c27bf49bd0ec3e7f0ad15e35701698a0d49cf0bda7649a66cf81db19ec272fe501517db8987e
SSDEEP: 49152:LoYafBZfn6JDi5FQ5dtSdgIH/5roi5VzQ78r6F5mCmR+CYuNA:YfPf/BoEzMo6cYIA

Tasks

Static task: static1

Behavioral task: behavioral1
  Sample: Archivo.EndesaFactur-A4-SIMPLEX-TLLK_B23032023E294942222422244454.MSI.msi
  Resource: win10-20230220-es

Behavioral task: behavioral2
  Sample: Archivo.EndesaFactur-A4-SIMPLEX-TLLK_B23032023E294942222422244454.MSI.msi
  Resource: win10v2004-20230221-es
Malware Config

Targets

Target: Archivo.EndesaFactur-A4-SIMPLEX-TLLK_B23032023E294942222422244454.MSI.msi
Size: 3.0MB
MD5: f8e3482185e2c916fc032786e676d320
SHA1: f605b599179349ec50919c521191daf718a587c8
SHA256: 3e033ac5385c7a77ef87090674c19061d8fce08a48d451d78a03d32eda516243
SHA512: 1024136d4fbcfe68de382d22fb160b16ed9a95e54ccf240a0a09c27bf49bd0ec3e7f0ad15e35701698a0d49cf0bda7649a66cf81db19ec272fe501517db8987e
SSDEEP: 49152:LoYafBZfn6JDi5FQ5dtSdgIH/5roi5VzQ78r6F5mCmR+CYuNA:YfPf/BoEzMo6cYIA

Score: 10/10

Signatures

- Detects Grandoreiro payload
- Grandoreiro
  Part of a group of banking trojans targeting Spanish- and Portuguese-speaking countries.
- Blocklisted process makes network request
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.