{ "Event": { "analysis": "2", "date": "2017-09-28", "extends_uuid": "", "info": "OSINT - Banking Trojan Attempts To Steal Brazillion$", "publish_timestamp": "1506631180", "published": true, "threat_level_id": "3", "timestamp": "1506631148", "uuid": "59cd5d0e-8280-4acd-a27e-427302de0b81", "Orgc": { "name": "CIRCL", "uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f" }, "Tag": [ { "colour": "#ffffff", "local": "0", "name": "tlp:white", "relationship_type": "" }, { "colour": "#6bd600", "local": "0", "name": "circl:topic=\"finance\"", "relationship_type": "" } ], "Attribute": [ { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1506631098", "to_ids": false, "type": "link", "uuid": "59cd5d1b-82a8-44f8-84bd-48c702de0b81", "value": "http://blog.talosintelligence.com/2017/09/brazilbanking.html" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1506631098", "to_ids": false, "type": "text", "uuid": "59cd5d2a-c288-49c6-90c3-445302de0b81", "value": "Banking trojans are among some of the biggest threats to everyday users as they directly impact the user in terms of financial loss. Talos recently observed a new campaign specific to South America, namely Brazil. This campaign was focused on various South American banks in an attempt to steal credentials from the user to allow for illicit financial gain for the malicious actors. The campaign Talos analysed focused on Brazilian users and also attempted to remain stealthy by using multiple methods of re-direction in an attempt to infect the victim machine. It also used multiple anti-analysis techniques and the final payload was written in Delphi which is quite unique to the banking trojan landscape." }, { "category": "Payload delivery", "comment": "HTML attachment", "deleted": false, "disable_correlation": false, "timestamp": "1506631098", "to_ids": true, "type": "sha256", "uuid": "59cd5d89-592c-4e51-9d5c-471302de0b81", "value": "927d914f46715a9ed29810ed73f9464e4dadfe822ee09d945a04623fa3f4bc10" }, { "category": "Payload delivery", "comment": "RAR archive", "deleted": false, "disable_correlation": false, "timestamp": "1506631098", "to_ids": true, "type": "sha256", "uuid": "59cd5d89-0120-47f5-bb38-48e002de0b81", "value": "5730b4e0dd520caba11f9224de8cfd1a8c52e0cc2ee98b2dac79e40088fe681c" }, { "category": "Payload delivery", "comment": "BOLETO_09848378974093798043.jar", "deleted": false, "disable_correlation": false, "timestamp": "1506631098", "to_ids": true, "type": "sha256", "uuid": "59cd5d89-c20c-4052-8022-440002de0b81", "value": "b76344ba438520a19fff51a1217e3c6898858f4d07cfe89f7b1fe35e30a6ece9" }, { "category": "Payload delivery", "comment": "gbs.png", "deleted": false, "disable_correlation": false, "timestamp": "1506631098", "to_ids": true, "type": "sha256", "uuid": "59cd5d89-e00c-478a-8b99-4f7b02de0b81", "value": "0ce1eac877cdd87fea25050b0780e354fe3b7d6ca96c505b2cd36ca319dc6cab" }, { "category": "Payload delivery", "comment": "i.dk", "deleted": false, "disable_correlation": false, "timestamp": "1506631098", "to_ids": true, "type": "sha256", "uuid": "59cd5d89-9d94-4dc4-95cd-4cf802de0b81", "value": "6d8c7760ac76af40b7f9cc4af31da8931cef0d9b4ad02aba0816fa2c24f76f10" }, { "category": "Payload delivery", "comment": "prs.png", "deleted": false, "disable_correlation": false, "timestamp": "1506631098", "to_ids": true, "type": "sha256", "uuid": "59cd5d89-6954-4479-9a61-4b2402de0b81", "value": "56664ec3cbb228e8fa21ec44224d68902d1fbe20687fd88922816464ea5d4cdf" }, { "category": "Payload delivery", "comment": "pz.zip", "deleted": false, "disable_correlation": false, "timestamp": "1506631098", "to_ids": true, "type": "sha256", "uuid": "59cd5d89-1fd0-4aa1-a172-4eaa02de0b81", "value": "641a58b667248fc1aec80a0d0e9a515ba43e6ca9a8bdd162edd66e58703f8f98" }, { "category": "Payload delivery", "comment": "vm.png", "deleted": false, "disable_correlation": false, "timestamp": "1506631098", "to_ids": true, "type": "sha256", "uuid": "59cd5d89-8d68-4081-b19f-4beb02de0b81", "value": "79a68c59004e3444dfd64794c68528187e3415b3da58f953b8cc7967475884c2" }, { "category": "Payload delivery", "comment": "vmwarebase.dll", "deleted": false, "disable_correlation": false, "timestamp": "1506631098", "to_ids": true, "type": "sha256", "uuid": "59cd5d89-7e4c-4191-974f-48c702de0b81", "value": "969a5dcf8f42574e5b0c0adda0ff28ce310e0b72d94a92b70f23d06ca5b438be" }, { "category": "Payload delivery", "comment": "vmwarebase.dll - Xchecked via VT: 969a5dcf8f42574e5b0c0adda0ff28ce310e0b72d94a92b70f23d06ca5b438be", "deleted": false, "disable_correlation": false, "timestamp": "1506631098", "to_ids": true, "type": "sha1", "uuid": "59cd5dba-761c-4b2b-9fda-4cb002de0b81", "value": "215864580545fe063ef7e11502aee333e2b5b985" }, { "category": "Payload delivery", "comment": "vmwarebase.dll - Xchecked via VT: 969a5dcf8f42574e5b0c0adda0ff28ce310e0b72d94a92b70f23d06ca5b438be", "deleted": false, "disable_correlation": false, "timestamp": "1506631098", "to_ids": true, "type": "md5", "uuid": "59cd5dba-c394-4a70-a032-471a02de0b81", "value": "22f826ba98c8a8478881bdfe73e6b86b" }, { "category": "External analysis", "comment": "vmwarebase.dll - Xchecked via VT: 969a5dcf8f42574e5b0c0adda0ff28ce310e0b72d94a92b70f23d06ca5b438be", "deleted": false, "disable_correlation": false, "timestamp": "1506631098", "to_ids": false, "type": "link", "uuid": "59cd5dba-a558-4fae-8a03-43c202de0b81", "value": "https://www.virustotal.com/file/969a5dcf8f42574e5b0c0adda0ff28ce310e0b72d94a92b70f23d06ca5b438be/analysis/1506627369/" }, { "category": "Payload delivery", "comment": "vm.png - Xchecked via VT: 79a68c59004e3444dfd64794c68528187e3415b3da58f953b8cc7967475884c2", "deleted": false, "disable_correlation": false, "timestamp": "1506631098", "to_ids": true, "type": "sha1", "uuid": "59cd5dba-049c-4005-a327-4e7902de0b81", "value": "b87c2ceadd200b1bf7f9eeef3c5137620cf991b7" }, { "category": "Payload delivery", "comment": "vm.png - Xchecked via VT: 79a68c59004e3444dfd64794c68528187e3415b3da58f953b8cc7967475884c2", "deleted": false, "disable_correlation": false, "timestamp": "1506631098", "to_ids": true, "type": "md5", "uuid": "59cd5dba-6124-42b4-8061-438c02de0b81", "value": "217c29852569b3f21ff588a038a27423" }, { "category": "External analysis", "comment": "vm.png - Xchecked via VT: 79a68c59004e3444dfd64794c68528187e3415b3da58f953b8cc7967475884c2", "deleted": false, "disable_correlation": false, "timestamp": "1506631098", "to_ids": false, "type": "link", "uuid": "59cd5dba-4944-43a2-a0dc-48ba02de0b81", "value": "https://www.virustotal.com/file/79a68c59004e3444dfd64794c68528187e3415b3da58f953b8cc7967475884c2/analysis/1506627368/" }, { "category": "Payload delivery", "comment": "pz.zip - Xchecked via VT: 641a58b667248fc1aec80a0d0e9a515ba43e6ca9a8bdd162edd66e58703f8f98", "deleted": false, "disable_correlation": false, "timestamp": "1506631098", "to_ids": true, "type": "sha1", "uuid": "59cd5dba-fca8-4d0f-9318-4c4102de0b81", "value": "8e48a22aba894d0fc81501b88c5fc9c53a7671c0" }, { "category": "Payload delivery", "comment": "pz.zip - Xchecked via VT: 641a58b667248fc1aec80a0d0e9a515ba43e6ca9a8bdd162edd66e58703f8f98", "deleted": false, "disable_correlation": false, "timestamp": "1506631098", "to_ids": true, "type": "md5", "uuid": "59cd5dba-21b8-40f2-86b2-4a8202de0b81", "value": "910050bc1fcea33836fa2e9978bbea10" }, { "category": "External analysis", "comment": "pz.zip - Xchecked via VT: 641a58b667248fc1aec80a0d0e9a515ba43e6ca9a8bdd162edd66e58703f8f98", "deleted": false, "disable_correlation": false, "timestamp": "1506631098", "to_ids": false, "type": "link", "uuid": "59cd5dba-3830-4107-9293-46c902de0b81", "value": "https://www.virustotal.com/file/641a58b667248fc1aec80a0d0e9a515ba43e6ca9a8bdd162edd66e58703f8f98/analysis/1506627368/" }, { "category": "Payload delivery", "comment": "prs.png - Xchecked via VT: 56664ec3cbb228e8fa21ec44224d68902d1fbe20687fd88922816464ea5d4cdf", "deleted": false, "disable_correlation": false, "timestamp": "1506631098", "to_ids": true, "type": "sha1", "uuid": "59cd5dba-99cc-4c15-aa93-43b802de0b81", "value": "840db25ff4e601891ef7b87378edbafa88b1b89a" }, { "category": "Payload delivery", "comment": "prs.png - Xchecked via VT: 56664ec3cbb228e8fa21ec44224d68902d1fbe20687fd88922816464ea5d4cdf", "deleted": false, "disable_correlation": false, "timestamp": "1506631098", "to_ids": true, "type": "md5", "uuid": "59cd5dba-1274-4eb7-8170-4b9402de0b81", "value": "9500ef3e0efb0253e67092733c6171fb" }, { "category": "External analysis", "comment": "prs.png - Xchecked via VT: 56664ec3cbb228e8fa21ec44224d68902d1fbe20687fd88922816464ea5d4cdf", "deleted": false, "disable_correlation": false, "timestamp": "1506631098", "to_ids": false, "type": "link", "uuid": "59cd5dba-63b0-4cfd-801a-4e6802de0b81", "value": "https://www.virustotal.com/file/56664ec3cbb228e8fa21ec44224d68902d1fbe20687fd88922816464ea5d4cdf/analysis/1506627367/" }, { "category": "Payload delivery", "comment": "i.dk - Xchecked via VT: 6d8c7760ac76af40b7f9cc4af31da8931cef0d9b4ad02aba0816fa2c24f76f10", "deleted": false, "disable_correlation": false, "timestamp": "1506631098", "to_ids": true, "type": "sha1", "uuid": "59cd5dba-7218-4880-8d58-40cb02de0b81", "value": "d4f4b6ae16132f0f3dbf229261b8c9c0e0f6dacb" }, { "category": "Payload delivery", "comment": "i.dk - Xchecked via VT: 6d8c7760ac76af40b7f9cc4af31da8931cef0d9b4ad02aba0816fa2c24f76f10", "deleted": false, "disable_correlation": false, "timestamp": "1506631098", "to_ids": true, "type": "md5", "uuid": "59cd5dba-24d8-4408-a7d7-499b02de0b81", "value": "07bac99d36fd5bae4d600356398c7a1b" }, { "category": "External analysis", "comment": "i.dk - Xchecked via VT: 6d8c7760ac76af40b7f9cc4af31da8931cef0d9b4ad02aba0816fa2c24f76f10", "deleted": false, "disable_correlation": false, "timestamp": "1506631098", "to_ids": false, "type": "link", "uuid": "59cd5dba-bc5c-456b-8a47-43b302de0b81", "value": "https://www.virustotal.com/file/6d8c7760ac76af40b7f9cc4af31da8931cef0d9b4ad02aba0816fa2c24f76f10/analysis/1506627367/" }, { "category": "Payload delivery", "comment": "gbs.png - Xchecked via VT: 0ce1eac877cdd87fea25050b0780e354fe3b7d6ca96c505b2cd36ca319dc6cab", "deleted": false, "disable_correlation": false, "timestamp": "1506631098", "to_ids": true, "type": "sha1", "uuid": "59cd5dba-13ac-44ae-8366-4ab702de0b81", "value": "369daf3580d3bb3c82c2232998b041718755414f" }, { "category": "Payload delivery", "comment": "gbs.png - Xchecked via VT: 0ce1eac877cdd87fea25050b0780e354fe3b7d6ca96c505b2cd36ca319dc6cab", "deleted": false, "disable_correlation": false, "timestamp": "1506631098", "to_ids": true, "type": "md5", "uuid": "59cd5dba-69d0-4624-a6e6-4ba602de0b81", "value": "5cce471463f3f2a9fd14f92787ab90a8" }, { "category": "External analysis", "comment": "gbs.png - Xchecked via VT: 0ce1eac877cdd87fea25050b0780e354fe3b7d6ca96c505b2cd36ca319dc6cab", "deleted": false, "disable_correlation": false, "timestamp": "1506631098", "to_ids": false, "type": "link", "uuid": "59cd5dba-2990-4468-9ca1-40c902de0b81", "value": "https://www.virustotal.com/file/0ce1eac877cdd87fea25050b0780e354fe3b7d6ca96c505b2cd36ca319dc6cab/analysis/1506627367/" }, { "category": "Payload delivery", "comment": "BOLETO_09848378974093798043.jar - Xchecked via VT: b76344ba438520a19fff51a1217e3c6898858f4d07cfe89f7b1fe35e30a6ece9", "deleted": false, "disable_correlation": false, "timestamp": "1506631098", "to_ids": true, "type": "sha1", "uuid": "59cd5dba-76a4-4d4d-8197-490802de0b81", "value": "c6b649e402b97ad971609837b6c79812d568f322" }, { "category": "Payload delivery", "comment": "BOLETO_09848378974093798043.jar - Xchecked via VT: b76344ba438520a19fff51a1217e3c6898858f4d07cfe89f7b1fe35e30a6ece9", "deleted": false, "disable_correlation": false, "timestamp": "1506631098", "to_ids": true, "type": "md5", "uuid": "59cd5dba-c750-4b2c-90a9-420b02de0b81", "value": "c80f7dc56e5a2e301a450b5a96af1c23" }, { "category": "External analysis", "comment": "BOLETO_09848378974093798043.jar - Xchecked via VT: b76344ba438520a19fff51a1217e3c6898858f4d07cfe89f7b1fe35e30a6ece9", "deleted": false, "disable_correlation": false, "timestamp": "1506631098", "to_ids": false, "type": "link", "uuid": "59cd5dba-bfb4-44d5-9d15-4f3102de0b81", "value": "https://www.virustotal.com/file/b76344ba438520a19fff51a1217e3c6898858f4d07cfe89f7b1fe35e30a6ece9/analysis/1506045471/" }, { "category": "Payload delivery", "comment": "RAR archive - Xchecked via VT: 5730b4e0dd520caba11f9224de8cfd1a8c52e0cc2ee98b2dac79e40088fe681c", "deleted": false, "disable_correlation": false, "timestamp": "1506631098", "to_ids": true, "type": "sha1", "uuid": "59cd5dba-fea8-4cea-ae18-420a02de0b81", "value": "2f2cac51734e2d4c123e9b857aeef5abbf56e47d" }, { "category": "Payload delivery", "comment": "RAR archive - Xchecked via VT: 5730b4e0dd520caba11f9224de8cfd1a8c52e0cc2ee98b2dac79e40088fe681c", "deleted": false, "disable_correlation": false, "timestamp": "1506631098", "to_ids": true, "type": "md5", "uuid": "59cd5dba-3778-4f06-8f19-4caa02de0b81", "value": "90fca6fff9e677184329fc1f7a9fa632" }, { "category": "External analysis", "comment": "RAR archive - Xchecked via VT: 5730b4e0dd520caba11f9224de8cfd1a8c52e0cc2ee98b2dac79e40088fe681c", "deleted": false, "disable_correlation": false, "timestamp": "1506631098", "to_ids": false, "type": "link", "uuid": "59cd5dba-4f9c-4ca4-b121-4d4b02de0b81", "value": "https://www.virustotal.com/file/5730b4e0dd520caba11f9224de8cfd1a8c52e0cc2ee98b2dac79e40088fe681c/analysis/1506627366/" }, { "category": "Payload delivery", "comment": "HTML attachment - Xchecked via VT: 927d914f46715a9ed29810ed73f9464e4dadfe822ee09d945a04623fa3f4bc10", "deleted": false, "disable_correlation": false, "timestamp": "1506631098", "to_ids": true, "type": "sha1", "uuid": "59cd5dba-bdf8-420a-a454-413d02de0b81", "value": "1ed0f239e26bc011b248784dff55d25e5ada732c" }, { "category": "Payload delivery", "comment": "HTML attachment - Xchecked via VT: 927d914f46715a9ed29810ed73f9464e4dadfe822ee09d945a04623fa3f4bc10", "deleted": false, "disable_correlation": false, "timestamp": "1506631098", "to_ids": true, "type": "md5", "uuid": "59cd5dba-e644-4409-bc70-405b02de0b81", "value": "c77397555decc0f026a84897a324a448" }, { "category": "External analysis", "comment": "HTML attachment - Xchecked via VT: 927d914f46715a9ed29810ed73f9464e4dadfe822ee09d945a04623fa3f4bc10", "deleted": false, "disable_correlation": false, "timestamp": "1506631098", "to_ids": false, "type": "link", "uuid": "59cd5dba-3c68-4d2e-9862-478c02de0b81", "value": "https://www.virustotal.com/file/927d914f46715a9ed29810ed73f9464e4dadfe822ee09d945a04623fa3f4bc10/analysis/1506628022/" } ] } }