10af3efd0851093bbfc56aa03ba7d2bc28c500f2ebdea01292d591d377c459de | Triage

Submit
Reports

Overview

overview

Static

static

HomeDesk.msi

windows7-x64

HomeDesk.msi

windows10-2004-x64

Sharing

General

Target

MICROSOFT .NET FRAMEWORK -6650a74272b9a.zip
Size

18.7MB
Sample

240524-r27hjahg93
MD5

39da5e31e1293ad6b35629f7be9e5bda
SHA1

da7d4babaedbbaf00b355884130311a0514b936d
SHA256

10af3efd0851093bbfc56aa03ba7d2bc28c500f2ebdea01292d591d377c459de
SHA512

f4b27a535612b94ef1dec704bba8df7943868183d17b0ae8fbd1e57a910fa4e5f58ed327a7e9eeeb83c8be48663309076b16e8932946ad236a55f50513a6b061
SSDEEP

393216:9goxXKKLxgcSbW3AqmXjmOUsd8LzqrP/fBfd9yzO4kZwgcgBvA:9kP7a3hxOBd82XBeKagcgpA

Score

10^/10

banker persistence

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

HomeDesk.msi

Resource

win7-20240215-es

banker persistence

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

HomeDesk.msi

Resource

win10v2004-20240226-es

banker persistence

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Targets

- Target
  
  HomeDesk.msi
- Size
  
  19.5MB
- MD5
  
  a6c23b2846b76a423eef4a5cf25e834f
- SHA1
  
  bef30ddb5e74e5078847b1f9dfef573f82f63c26
- SHA256
  
  d3416342f6a3b32604b783995845df8e24e3e98cffaac755d2292d20504a839f
- SHA512
  
  d648fad3216f1b1ba2d9b9124054a4766e48cd3c0e57252af11f679eebe1f308b86e7558b5f82c48b0287d5049515504fe379b242d540d835a6f8d080f2556cf
- SSDEEP
  
  393216:dvEwpJKaB9QEyLiZWGGpNmOQ+Ji5FEFhJfnRx96dOuMNIKMgTl:doR5+ZlxODJiONncg6KMgJ
Score

10^/10

banker persistence
- Detects common strings, DLL and API in Banker_BR
  Hunting by known PDB files - Trojan Banker LATAM.
  banker
- Hunting by known EXPORT - Trojan Banker LATAM.
  Hunting by known EXPORT - Trojan Banker LATAM.
  banker
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

bankerpersistence

behavioral2

bankerpersistence

© 2018-2024

Terms | Privacy