Today > vulnerabilities   -   You can now download lists of IOCs here!

Banking trojan unleashed: Observing emerging global campaigns

May 20, 2024, 10:05 a.m.

Tags
phishing
trojan
2024-05-20
banking
malware-as-a-service
grandoreiro
External References
Description

IBM's X-Force has been tracking large-scale phishing campaigns distributing the Grandoreiro banking trojan, likely operated as a Malware-as-a-Service. The malware targets over 1500 global banks, enabling banking fraud in over 60 countries. The latest variant features major updates, including string decryption and domain generation algorithm enhancements, and the ability to spread through Microsoft Outlook clients. Campaigns impersonate government entities in Mexico, Argentina, and South Africa, indicating a change in strategy and global expansion since recent law enforcement actions against the operators.

Date

Published: May 20, 2024, 9:40 a.m.

Created: May 20, 2024, 9:40 a.m.

Modified: May 20, 2024, 10:05 a.m.

Indicators

fb3d843d35c66f76b1b1b88260ad20096e118ef44fd94137dbe394f53c1b8a46

f8f2c7020b2d38c806b5911acb373578cbd69612cbe7f21f172550f4b5d02fdb

d005abe0a29b53c5995a10ce540cc2ffbe96e7f80bf43206d4db7921b6d6aa10

bfcd71a4095c2e81e2681aaf0239436368bc2ebddae7fdc8bb486ffc1040602c

afd53240a591daf50f556ca952278cf098dbc5b6c2b16c3e46ab5a0b167afb40

97f3c0beef87b993be321b5af3bf748cc8e003e6e90cf5febf69dfd81e85f581

84572c0de71bce332eb9fa03fd342433263ad0c4f95dd3acd86d1207fa7d23f0

70f22917ec1fa3a764e21f16d68af80b697fb9d0eb4f9cd6537393b622906908

6772d2425b5a169aca824de3ff2aac400fa64c3edd93faaabd17d9c721d996c1

55426bb348977496189cc6a61b711a3aadde155772a650ef17fba1f653431965

3f920619470488b8c1fda4bb82803f72205b18b1ea31402b461a0b8fe737d6bd

2ab8c3a1a7fe14a49084fbf42bbdd04d6379e6ae2c74d801616e2b9cf8c8519c

29f19d9cd8fe38081a2fde66fb2e1eff33c4d4b5714ef5cada5cc76ec09bf2fa

10b498562aef754156e2b540754bf1ccf9a9cb62c732bf9b661746dd08c67bd1

root@zpmbnoxf.crazydocuments.com

rufnag.com

pjohconstruccionescpaz.com

innovation.ai

Download all indicators here!

Attack Patterns

Grandoreiro - S0531

Grandoreiro

T1223

T1122

T1568

T1107

T1588

T1583

T1567

T1127

T1016

T1574

T1547

T1105

T1083

T1595

T1543

T1140

T1053

T1059

Additional Informations

Costa Rica

South Africa

Chile

Colombia

Netherlands

Argentina

Spain

Italy

Peru

Japan

Mexico