grandoreiro

Resubmissions

24-10-2023 21:15

231024-z3wresaa34 10

Sharing

Copy URL

Twitter E-mail

General

Target

i4D5zW6J.7z
Size

8.6MB
Sample

231024-z3wresaa34
MD5

78b94db464a1a0e91cd6d3a976332668
SHA1

a616ef6e7d3c9dd600ddbebabb968742b39d593c
SHA256

e2751b8455728c372f6552335a8b5c12a2f80003bbe806f5464d8f3982c0d002
SHA512

8ed41498ea74ba1ce3d019973007cb6aa4080ba5e085ccdda143cdb59aefafc4881baa527a6bfdbf459edd415d52af1d29916646e559be6c862720c016fe87b0
SSDEEP

196608:5F344MDzauW/qdowZKCUgYI3Q9EslzvTMyUBWuZqEq2IBicr8dFi9A9k8maL1H:5FI44Jh5fY4axlvIdi3V78ka5

Score

10^/10

Malware Config

Targets

- Target
  
  i4D5zW6J\CBSCreateVC.dll
- Size
  
  331.8MB
- MD5
  
  7755038abb8916182c4d9bdec0cecc3a
- SHA1
  
  bdb622c83765a5d22928f72923f0fb6cdd1ac933
- SHA256
  
  9ab85595b7d114ef86f3818f7d4d4ad0b31cfabccc373e7301a68a981a956e1a
- SHA512
  
  fa6fe68b1f01ab4764741e7549478feb35c5d2bef000f74622414a397d2b280e1e0525c3377a8a6469ffb41bcf1242bdbbe49c128da5243aff49cdb4eead734c
- SSDEEP
  
  49152:Tt8ODu1nETuq3E+Zyib/NP/LKrJqh+taU69pT9Tryz+gvH:T6ODuFESqZH/ZLKYEk/
Score

10^/10

grandoreiro banker trojan
- Detects Grandoreiro payload
- Grandoreiro
  Part of a group of banking trojans, targeting Spanish and Portuguese speaking countries.
  trojan banker grandoreiro
behavioral1 behavioral2
- Target
  
  i4D5zW6J\CBSProducstInfo.dll
- Size
  
  692KB
- MD5
  
  6cd81e6343ab21a1d118243af54833a8
- SHA1
  
  bbe1a06bd85af7099fb111ac13d19df5f7f22cc0
- SHA256
  
  306970a9d265a45abbd2efaf61002980695b2de7961504cf71e2833f415e82a9
- SHA512
  
  295446e3732281b3afb6b06684e2642a79e6b284608305291cc01967c45d2ba5892ef687de084dbc9a22180233f1602a8c2236ec969ddda34c25d4f4e6691328
- SSDEEP
  
  12288:qETlpkPPcE+qXW/fLXeKGVQHL+63jcxsf+SxWWfW+XYNfCJN4C/5AWPty0Da888Y:XJWPEZ8W/fLXPGVQHL+63jEsf+SxWWfV
Score

3^/10
behavioral3 behavioral4
- Target
  
  i4D5zW6J\DAQExp.dll
- Size
  
  1.4MB
- MD5
  
  b16ad0dd6c69c0c117c9d3647517786c
- SHA1
  
  825a54040c8e8dfe9ffb243796df806ee5b05708
- SHA256
  
  e8eace4e643ba86e5c4d1b966037a47e53836b5d328f2295713184613a72020f
- SHA512
  
  23512007a593d62c446923c446b07d64476cecf9f7ea22dbdbe48965daa482517c7f3f50a55b7b6ed3989be3df2f96004cafe3bb2204bcde401aae00ffd44632
- SSDEEP
  
  24576:ffMWltiJhYpFd0xsgDUZXW/Xt33nETMiZGwQvABbgYBO3wTgoyTG0Q0dp:TtiJhASK5Z4XWTMiAzEgYBOATgoyTG0t
Score

3^/10
behavioral5 behavioral6
- Target
  
  i4D5zW6J\analistcs.exe
- Size
  
  2.0MB
- MD5
  
  db67e9196605d61d8278e5278777c71f
- SHA1
  
  6fe39b3ace96505269745ed2b81975abb5aea647
- SHA256
  
  9b5f85fb164d177a24a521df6a9515f1dfb502d1b83581d37dae8ac3f1ad9010
- SHA512
  
  d2a77d6c1c7771e714f5a19db82823a8a4dd0f0402aca0751d17e7b4d66219049aa33eab3f3841de251f7393f0d01e3c7664ef0aa17f5593ba0f569d2bfe7022
- SSDEEP
  
  24576:4CtqIkZmZI+NFCwGYt7hGxhZxGv/Ai3DRqz1ZALpqfWmA6Nt7CaG0lCfXCwyMlna:XrZjGYoM3qc3P3gRQTXT6Fdsbs7k+
Score

10^/10

grandoreiro banker discovery persistence trojan
- Detects Grandoreiro payload
- Grandoreiro
  Part of a group of banking trojans, targeting Spanish and Portuguese speaking countries.
  trojan banker grandoreiro
- Adds Run key to start application
  persistence
behavioral7 behavioral8

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Resubmissions

Sharing

General

Malware Config

Targets

Detects Grandoreiro payload

Detects Grandoreiro payload

Grandoreiro

Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8