MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 cf29f16eec53c0fbae3f4fcaa6f69201655e5a4b368de8e3b9f2ab9a60d820a6. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat: unknown
Vendor detections: 5



SHA256 hash: cf29f16eec53c0fbae3f4fcaa6f69201655e5a4b368de8e3b9f2ab9a60d820a6
SHA3-384 hash: 565aa5465be9c5cd95e650ba56134a770346c73450abc3e6001f64ccfe6d88d6214b851cb9baf993923c5d96ff59f01d
SHA1 hash: e00825e408dfe9b88a7a30711869565c687bcbc2
MD5 hash: b67ebb73978c7aadaca1ecb5f3f01f54
humanhash: yellow-sweet-nevada-fillet
File name: Newart.7z
File size: 4'553'736 bytes
First seen: 2022-05-23 00:26:41 UTC
Last seen: Never
File type: 7z
MIME type: application/x-7z-compressed
ssdeep: 98304:7x9SPE4ZrGkU9g+JdBvJVZZvfPtssLYylSeQJtUyBV56I/LJL:7xaO6+JPJVZd1YyoeQPn56I/LJL
TLSH: T1C726338DAB207F448B14A0BB4997D5357E7F53AF0E96DE23B1367E938D818C5B014A0B
TrID: 57.1% (.7Z) 7-Zip compressed archive (v0.4) (8000/1)
      42.8% (.7Z) 7-Zip compressed archive (gen) (6000/1)
Reporter: dodosec
Tags: 7z banker brazil


dodo_sec:
Folder created in C:\ by a malicious installer. Contains a legitimate uimonster.exe and a DLL with binary padding to inflate its size, dbghelp.dll. Distribution method and behavior suggest a Brazilian banking malware, possibly Ousaban or Grandoreiro. The Twitter link provided has a list of Portuguese and Spanish banks present in the malware during execution.

Intelligence

File Origin
# of uploads: 1
# of downloads: 329
Origin country: n/a
Vendor Threat Intelligence

Result
Verdict: Suspicious
Threat level: 5/10
Confidence: 100%
Tags: control.exe overlay packed remote.exe replace.exe update.exe

Result
Verdict: MALICIOUS
Threat name: Win32.Infostealer.Grandoreiro
Status: Malicious
First seen: 2022-05-23 00:28:27 UTC
File Type: Binary (Archive)
Extracted files: 4882
AV detection: 8 of 26 (30.77%)
Threat level: 5/5

Result
Malware family: n/a
Score: 6/10
Tags: persistence
Behaviour:
    Suspicious use of SetWindowsHookEx
    Suspicious use of WriteProcessMemory

Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

7z    cf29f16eec53c0fbae3f4fcaa6f69201655e5a4b368de8e3b9f2ab9a60d820a6    (this sample)
