A Look Back: The Evolution of Latin American eCrime Malware in 2024

Dec. 18, 2024, 7:40 p.m.

Description

Latin American cybercrime continues to evolve as adversaries refine their tactics and techniques. Key developments in 2024 include the adoption of Rust for improved evasion, consistent use of multi-stage infection chains and malspam campaigns, and evidence of collaboration among threat actors. Notable updates were observed across malware families like Mispadu, Kiron, Caiman, Culebra, Salve, and Astaroth. These updates ranged from new delivery mechanisms and obfuscation techniques to enhanced stealer features. Despite innovations, Delphi-based components remain prevalent. The ongoing refinement of these malware families highlights the adaptability and ingenuity of Latin American cybercriminals in sustaining their operations.

External References

https://www.crowdstrike.com/en-us/blog/latam-ecrime-malware-evolution-2024/
https://otx.alienvault.com/pulse/67631fc9eeaaa35535b9b525
Tags
phishing
javascript
rust
banking trojan
information stealer
2024-12-18
nirsoft

Date

  • Created: Dec. 18, 2024, 7:17 p.m.
  • Published: Dec. 18, 2024, 7:17 p.m.
  • Modified: Dec. 18, 2024, 7:40 p.m.

Indicators

  • fc258ef827620184253ba37d94efc0043745c29cf3c9f21a6c730f7727d6d076
  • d7a918b29b4423b2a4be151f1b37c28abc081068c13a04ad8fd70dbd725d659b
  • bbf766df1972966b0ab3928d82c61d953e849638bb2c0bab60df3ad8aaacf174
  • ba4e715fe25aeaaf186e8395c2f13ca580457ab4e8ec1c037fd13821d97a6848
  • b23aabe16db5f6ccdd061b457d01b94647ed5b5852806624dca277b43d63e188
  • aec68d256d8d2caf2d94c5944279806dd4da36d125c7a7d1485c89f718d0db15
  • 60b32e40ec0a5e59081fa9816a26346892899175ce97c811761423c3533e0651
  • 5f6c0ba669db489bc2ff186af312bfe7616f9e4a12706e195225da7168e10db0
  • 5d74d439bbb0be789e23bdaafd8cff938e6e686af7c8e215dc945cacc88d131c
  • 46b8e68f5e85935349d0bfc555b9786f7adbac9ec9a9fa174ba0c4f89baa098f
  • 57e76a7af5bafb4ff06f5f44dcf1182ea5c6a8682651c260f555c52fd441b412
  • 3972d6c85bb37889265fef3bb3b3ed8494e038ca37e345a515e39b3e95766a50
  • 2776c052d11f52501871c4cb5a051a1970f002c3f099969040945fb94a158d9a
  • 27f482377777a1b8e1e679863685f64121f28e1e6e2bba832397269d1763e118
  • 15899e250892c2cc6b38d7cdcd2a3934a49c5dca954889564a98d15a52bf3b7c
  • 129971e378991d14c444db7a7f4c9a16ece750dd6498261d2f35c85baa9bfd07
  • 148cd318aec19451b9ad17e58e0d97ebaffd46b56d3528608de20b95dd429c45
  • 0f035dced631ac58cfae510cfc61bb1dbef119331a8aea8d5c724a5ddca0f8c5
  • 07a58395e20090f139eb0cb3aa1872da4fae8c1630de818a405d3329a7406150
  • 84.246.85.94
  • 38.54.57.26
  • 192.101.68.150
  • 162.200.178.68
  • 147.45.116.5
  • 108.165.96.26
  • 191.55.53.136
  • http://84.246.85.94:7890
  • lovecollege.hosthampster.com
  • massgrave.site
  • adjunto.pdfxml.store
  • contpt.top
  • api.cacher.io
Download all indicators here!

Attack Patterns

  • Astaroth
  • Salve
  • Caiman
  • Culebra
  • Kiron
  • Mispadu
  • Guildma
  • SAMBA SPIDER

Additional Informations

  • Finance
  • Costa Rica
  • Chile
  • Argentina
  • Peru
  • Ecuador
  • Mexico
  • Brazil