grandoreiro | f850d6912a840db1b98fa63b47c0948ed5fb298d607f8a9ba86864891e1e160f | Triage

Submit
Reports

Overview

overview

Static

static

ezswfdgotk30.exe

windows7-x64

ezswfdgotk30.exe

windows10-2004-x64

Sharing

General

Target

ezswfdgotk30.exe
Size

193.7MB
Sample

240906-hdzcks1fqm
MD5

d739f133a59e226662059a9977abab6d
SHA1

132b492fa0e88014ec9dd8b510168b5e8f9261e2
SHA256

f850d6912a840db1b98fa63b47c0948ed5fb298d607f8a9ba86864891e1e160f
SHA512

170c7653e9b1d01d8abc93f5204f2c440bd3ca29a639c5a168066b1fa67812131ec8200d4c5d73ab4463c874b13a462c8d927c0d0561c9a93b93fa073fe1a11a
SSDEEP

49152:Vqk94kPpenXf4J15XRafS8nFsA/FjKvIIGIIFVMeDZC5ntPGiGcb3Ud779g3syvj:Vqk96tQRwvxzX4zkY7/59

Score

10^/10

grandoreiro banker discovery persistence trojan

Static task

static1

4 signatures

Behavioral task

behavioral1

Sample

ezswfdgotk30.exe

Resource

win7-20240903-es

grandoreiro banker discovery persistence trojan

windows7-x64

5 signatures

150 seconds

Behavioral task

behavioral2

Sample

ezswfdgotk30.exe

Resource

win10v2004-20240802-es

grandoreiro banker discovery persistence trojan

windows10-2004-x64

5 signatures

150 seconds

Malware Config

Targets

- Target
  
  ezswfdgotk30.exe
- Size
  
  193.7MB
- MD5
  
  d739f133a59e226662059a9977abab6d
- SHA1
  
  132b492fa0e88014ec9dd8b510168b5e8f9261e2
- SHA256
  
  f850d6912a840db1b98fa63b47c0948ed5fb298d607f8a9ba86864891e1e160f
- SHA512
  
  170c7653e9b1d01d8abc93f5204f2c440bd3ca29a639c5a168066b1fa67812131ec8200d4c5d73ab4463c874b13a462c8d927c0d0561c9a93b93fa073fe1a11a
- SSDEEP
  
  49152:Vqk94kPpenXf4J15XRafS8nFsA/FjKvIIGIIFVMeDZC5ntPGiGcb3Ud779g3syvj:Vqk96tQRwvxzX4zkY7/59
Score

10^/10

grandoreiro banker discovery persistence trojan
- Detects Grandoreiro payload
- Grandoreiro
  Part of a group of banking trojans, targeting Spanish and Portuguese speaking countries.
  trojan banker grandoreiro
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

grandoreirobankerdiscoverypersistencetrojan

behavioral2

grandoreirobankerdiscoverypersistencetrojan

© 2018-2025

Terms | Privacy