MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 78a3da3f79ed553562bb24cbe36d800f41cd6ded75bedc8d502e0c978e943bca. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Grandoreiro


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 78a3da3f79ed553562bb24cbe36d800f41cd6ded75bedc8d502e0c978e943bca
SHA3-384 hash: 531d1630a506e643b16e141f02b5bb252686b6ba17b354eb0227c1036fd3c4ed0fb0ddef58cecab4748513eeee4e94c8
SHA1 hash: e27fa1d15e515f68b49b03a1f6501feca5273ffd
MD5 hash: 82daa5ec08a0b5ac189556447e5f253b
humanhash: skylark-earth-music-autumn
File name:❉VER CUENTA❉_⑤⑦①③④①⑦③.zip
Download: download sample
Signature Grandoreiro
Create hunting rule
File size:291 bytes
First seen:2024-11-02 06:39:34 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 6:5jcMT48ekcbApsdT40vmp9RUm6VDZTql4mMT4KtCekcbAWvB+lHX:5jHxcbAuHG9b6p+4l6cbAWvBaHX
TLSH T1DED05B55C7BD1761DC66CB726BD02F77117364CA44812F7124392D610D684305B096EC
Magika zip
Reporter NDA0E
Tags:geo Grandoreiro MEX PRT zip

Intelligence

File Origin
# of uploads :
1
# of downloads :
66
Origin country :
DE DE
File Archive Information

This file archive contains 1 file(s), sorted by their relevance:

File name:❉VER CUENTA❉_⑤⑦①③④①⑦③.hta
File size:138 bytes
SHA256 hash: bbf766df1972966b0ab3928d82c61d953e849638bb2c0bab60df3ad8aaacf174
MD5 hash: 4149366820613f5e3b38424a5a56fe63
MIME type:text/html
Signature Grandoreiro
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Foxhole.Hta_Zip_2.UNOFFICIAL
Create hunting rule

Verdict:
Malicious
Score:
92.5%
Link:
https://cyber-fortress.com/docs/result/index.php?id=6725c9498d23d9049132aff7
Tags:
powershell autorun emotet
Result
Verdict:
Clean
File Type:
HTA File
Link:
https://app.docguard.net/78a3da3f79ed553562bb24cbe36d800f41cd6ded75bedc8d502e0c978e943bca/results/dashboard
Payload URLs
URL
File name
https://adjunto.pdfxml.store//6725c86d7fae4/js/6725c86d7fa55.js
HTA File
Verdict:
Unknown
Link:
https://www.hybrid-analysis.com/sample/78a3da3f79ed553562bb24cbe36d800f41cd6ded75bedc8d502e0c978e943bca
Result
Verdict:
UNKNOWN
Link:
https://labs.inquest.net/dfi/sha256/78a3da3f79ed553562bb24cbe36d800f41cd6ded75bedc8d502e0c978e943bca
Score:
0%
Verdict:
Benign
File Type:
ARCHIVE
Link:
https://malprob.io/report/78a3da3f79ed553562bb24cbe36d800f41cd6ded75bedc8d502e0c978e943bca
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/78a3da3f79ed553562bb24cbe36d800f41cd6ded75bedc8d502e0c978e943bca/
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=pcr5up3z5vktkyv3etf6g3mab5a423pnow7nzdkqfygjpduuhpfa._file
Result
Malware family:
n/a
Score:
  8/10
Tags:
discovery
Link:
https://tria.ge/reports/241102-hgn11s1alq/
Behaviour
Modifies Internet Explorer settings
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
System Location Discovery: System Language Discovery
Blocklisted process makes network request
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/78a3da3f79ed553562bb24cbe36d800f41cd6ded75bedc8d502e0c978e943bca

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Grandoreiro

zip 78a3da3f79ed553562bb24cbe36d800f41cd6ded75bedc8d502e0c978e943bca

(this sample)

  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/3271094/

Comments