JanelaRAT: Repurposed BX Rat Variant Targeting LATAM FinTech
Tags
cmtmf-attack-pattern: Boot Or Logon Autostart Execution; Command And Scripting Interpreter; Develop Capabilities; Obfuscated Files Or Information; Stage Capabilities
country: Colombia; Laos; Mexico; Peru; Portugal
maec-delivery-vectors: Watering Hole
attack-pattern: Data; Boot Or Logon Autostart Execution - T1547; Command And Scripting Interpreter - T1623; Develop Capabilities - T1587; Dll Side-Loading - T1574.002; Dns - T1071.004; Dns - T1590.002; Domains - T1583.001; Domains - T1584.001; Dynamic Dns - T1311; Dynamic Dns - T1333; Encrypted Channel - T1521; Encrypted Channel - T1573; Exfiltration Over C2 Channel - T1646; Hijack Execution Flow - T1625; Hijack Execution Flow - T1574; Ip Addresses - T1590.005; Malware - T1587.001; Malware - T1588.001; Obfuscated Files Or Information - T1406; Native Api - T1575; Python - T1059.006; Registry Run Keys / Startup Folder - T1547.001; Server - T1583.004; Server - T1584.004; Software - T1592.002; Software Packing - T1027.002; Software Packing - T1406.002; Stage Capabilities - T1608; Standard Encoding - T1132.001; Symmetric Cryptography - T1521.001; Symmetric Cryptography - T1573.001; Visual Basic - T1059.005; Virtualization/Sandbox Evasion - T1497; Time Based Evasion - T1497.003; Tool - T1588.002; Upload Malware - T1608.001; Virtualization/Sandbox Evasion - T1633; Command-Line Interface - T1059; Data Encoding - T1132; Deobfuscate/Decode Files Or Information - T1140; Dll Side-Loading - T1073; Execution Through Api - T1106; Exfiltration Over Command And Control Channel - T1041; Standard Non-Application Layer Protocol - T1095; Obfuscated Files Or Information - T1027; Registry Run Keys / Start Folder - T1060; Software Packing - T1045
Common Information
Type Value
UUID 085b7618-8f00-4b25-938f-ba0e36e0fd3e
Fingerprint b80c0d9cedb30311
Analysis status DONE
Considered CTI value 2
Text language
Published Oct. 3, 2023, midnight
Added to db Nov. 19, 2023, 3:54 a.m.
Last updated Nov. 17, 2024, 6:56 p.m.
Headline Zscaler Blog
Title JanelaRAT: Repurposed BX Rat Variant Targeting LATAM FinTech
Detected Hints/Tags/Attributes 129/4/161
RSS Feed
Details Id Enabled Feed title Url Added to db
Details 406 Security Research | Blog Category Feed https://www.zscaler.com/blogs/feeds/security-research 2024-08-30 22:08
Attributes
Details Type #Events CTI Value
Details MITRE ATT&CK Techniques 96
T1587.001
Details MITRE ATT&CK Techniques 49
T1608.001
Details MITRE ATT&CK Techniques 137
T1059.005
Details MITRE ATT&CK Techniques 695
T1059
Details MITRE ATT&CK Techniques 380
T1547.001
Details MITRE ATT&CK Techniques 227
T1574.002
Details MITRE ATT&CK Techniques 160
T1027.002
Details MITRE ATT&CK Techniques 504
T1140
Details MITRE ATT&CK Techniques 57
T1497.003
Details MITRE ATT&CK Techniques 99
T1132.001
Details MITRE ATT&CK Techniques 130
T1573.001
Details MITRE ATT&CK Techniques 159
T1095
Details MITRE ATT&CK Techniques 422
T1041
Details Threat Actor Identifier - APT-C 83
APT-C-36
Details Url 2
http://zimbawhite.is-certified.com:3001/clientes/6
Details Url 2
http://zimbawhite.is-certified.com:3001/clientes
Details Url 2
http://45.42.160.55
Details Windows Registry Key 188
HKCU\Software\Microsoft\Windows\CurrentVersion\Run