General

  • Target

    9de12a0eecc54548338319c106bb77ca5496c1aedc293d22dc994eb61b9dd984

  • Size

    35.1MB

  • Sample

    240522-bh5ltsfe75

  • MD5

    b07dee479dd11163d584db2aa86e9c45

  • SHA1

    2394974e832831f0c9a3e38fe3706cf7e2c2fa94

  • SHA256

    9de12a0eecc54548338319c106bb77ca5496c1aedc293d22dc994eb61b9dd984

  • SHA512

    597268d6a37f9edaf45d10e97b7e23fa5da2f8c2b1af58921474f1b2bc87e79e323870153df34a488761c1475f531d2fa1b4c7fc86723a95c629713a5946a421

  • SSDEEP

    786432:Wlw27h2QVu9cCct5rB9rIX9gW6cnzELhEe2x53gp7fq2xX:WlLA+ptO2Cnne2xU7fq2

Score
10/10

Malware Config

  Extracted

  • Language

    ps1

  • Deobfuscated

  • URLs (ps1.dropper)

    https://opensun.monster/1305.bs64

Targets

    • Target

      9de12a0eecc54548338319c106bb77ca5496c1aedc293d22dc994eb61b9dd984 (size and hashes as listed under General above)

    Score
    10/10
    • Detects common strings, DLL and API in Banker_BR

      Hunting by known PDB files - Trojan Banker LATAM.

    • Blocklisted process makes network request

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v13

  • Execution

    Command and Scripting Interpreter (T1059): 1
    PowerShell (T1059.001): 1

  • Discovery

    Query Registry (T1012): 1
    Peripheral Device Discovery (T1120): 1
    System Information Discovery (T1082): 1

Tasks