General

  • Target

    9de12a0eecc54548338319c106bb77ca5496c1aedc293d22dc994eb61b9dd984

  • Size

    35.1MB

  • Sample

    240522-bh5ltsfe75

  • MD5

    b07dee479dd11163d584db2aa86e9c45

  • SHA1

    2394974e832831f0c9a3e38fe3706cf7e2c2fa94

  • SHA256

    9de12a0eecc54548338319c106bb77ca5496c1aedc293d22dc994eb61b9dd984

  • SHA512

    597268d6a37f9edaf45d10e97b7e23fa5da2f8c2b1af58921474f1b2bc87e79e323870153df34a488761c1475f531d2fa1b4c7fc86723a95c629713a5946a421

  • SSDEEP

    786432:Wlw27h2QVu9cCct5rB9rIX9gW6cnzELhEe2x53gp7fq2xX:WlLA+ptO2Cnne2xU7fq2

Score
10/10

Malware Config

Extracted

Language
ps1
Deobfuscated
URLs
ps1.dropper

https://opensun.monster/1305.bs64

Targets

    • Target

      9de12a0eecc54548338319c106bb77ca5496c1aedc293d22dc994eb61b9dd984

    • Size

      35.1MB

    • MD5

      b07dee479dd11163d584db2aa86e9c45

    • SHA1

      2394974e832831f0c9a3e38fe3706cf7e2c2fa94

    • SHA256

      9de12a0eecc54548338319c106bb77ca5496c1aedc293d22dc994eb61b9dd984

    • SHA512

      597268d6a37f9edaf45d10e97b7e23fa5da2f8c2b1af58921474f1b2bc87e79e323870153df34a488761c1475f531d2fa1b4c7fc86723a95c629713a5946a421

    • SSDEEP

      786432:Wlw27h2QVu9cCct5rB9rIX9gW6cnzELhEe2x53gp7fq2xX:WlLA+ptO2Cnne2xU7fq2

    Score
    10/10
    • Detects common strings, DLL and API in Banker_BR

      Hunting by known PDB files - Trojan Banker LATAM.

    • Blocklisted process makes network request

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks