grandoreiro | 69a581d100d68b8ed03d9afb8672c41b121e94453da440314b9cdcdbf1421f04 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

3

69a581d100...04.exe

windows10-2004-x64

69a581d100...04.exe

windows11-21h2-x64

Sharing

General

Target

69a581d100d68b8ed03d9afb8672c41b121e94453da440314b9cdcdbf1421f04
Size

5.5MB
Sample

250214-m6p2tstnck
MD5

6c1ef92690b2d4672136ac59dcdd3abf
SHA1

d0f21d7c68c0590f735b3bfa09517a231592de6a
SHA256

69a581d100d68b8ed03d9afb8672c41b121e94453da440314b9cdcdbf1421f04
SHA512

ec914db73f6e2a331b6877f7c8d7093273347d1b0ce0e12484d4e2294f98d742ae265233c438589404c5fdd33a6450d13ae921e3a90f69609c0cbb5bcb3c585d
SSDEEP

98304:vyghDiIufzZIKj5Ahc3x8x/3a1UVG+5T8wNyxZnkkYOWt:vJhZuf+W1xGSUVG+x8wQZXYh

Score

10^/10

grandoreiro latentbot banker discovery persistence trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

69a581d100d68b8ed03d9afb8672c41b121e94453da440314b9cdcdbf1421f04.exe

Resource

win10v2004-20250211-es

grandoreiro latentbot banker discovery persistence trojan

windows10-2004-x64

22 signatures

150 seconds

Behavioral task

behavioral2

Sample

69a581d100d68b8ed03d9afb8672c41b121e94453da440314b9cdcdbf1421f04.exe

Resource

win11-20250211-es

grandoreiro latentbot banker discovery persistence trojan

windows11-21h2-x64

24 signatures

150 seconds

Malware Config

Extracted

Family

latentbot

C2

zaf495d3a42.zapto.org

Targets

- Target
  
  69a581d100d68b8ed03d9afb8672c41b121e94453da440314b9cdcdbf1421f04
- Size
  
  5.5MB
- MD5
  
  6c1ef92690b2d4672136ac59dcdd3abf
- SHA1
  
  d0f21d7c68c0590f735b3bfa09517a231592de6a
- SHA256
  
  69a581d100d68b8ed03d9afb8672c41b121e94453da440314b9cdcdbf1421f04
- SHA512
  
  ec914db73f6e2a331b6877f7c8d7093273347d1b0ce0e12484d4e2294f98d742ae265233c438589404c5fdd33a6450d13ae921e3a90f69609c0cbb5bcb3c585d
- SSDEEP
  
  98304:vyghDiIufzZIKj5Ahc3x8x/3a1UVG+5T8wNyxZnkkYOWt:vJhZuf+W1xGSUVG+x8wQZXYh
Score

10^/10

grandoreiro latentbot banker discovery persistence trojan
- Detects Grandoreiro payload
- Grandoreiro
  Part of a group of banking trojans, targeting Spanish and Portuguese speaking countries.
  trojan banker grandoreiro
- Grandoreiro family
  grandoreiro
- LatentBot
  Modular trojan written in Delphi which has been in-the-wild since 2013.
  trojan latentbot
- Latentbot family
  latentbot
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

grandoreirolatentbotbankerdiscoverypersistencetrojan

behavioral2

grandoreirolatentbotbankerdiscoverypersistencetrojan

© 2018-2025

Terms | Privacy