Janeleiro, the time traveler: A new old banking trojan in Brazil | WeLiveSecurity
Tags
cmtmf-attack-pattern: Boot Or Logon Autostart Execution Compromise Infrastructure
country: Brazil Colombia Laos Mexico
maec-delivery-vectors: Watering Hole
attack-pattern:
  Data Binary Padding - T1027.001
  Boot Or Logon Autostart Execution - T1547
  Clipboard Data - T1414
  Compromise Infrastructure - T1584
  Credentials - T1589.001
  Credentials From Password Stores - T1555
  Credentials From Web Browsers - T1555.003
  Credentials From Web Browsers - T1503
  Credentials In Files - T1552.001
  Dead Drop Resolver - T1102.001
  Dead Drop Resolver - T1481.001
  Dll Side-Loading - T1574.002
  Email Account - T1087.003
  Exfiltration Over C2 Channel - T1646
  Gui Input Capture - T1056.002
  Gui Input Capture - T1417.002
  Input Capture - T1417
  Ip Addresses - T1590.005
  Keylogging - T1056.001
  Keylogging - T1417.001
  Malicious Link - T1204.001
  Malware - T1587.001
  Malware - T1588.001
  System Information Discovery - T1426
  Phishing - T1660
  Phishing - T1566
  Registry Run Keys / Startup Folder - T1547.001
  Screen Capture - T1513
  Server - T1583.004
  Server - T1584.004
  Shortcut Modification - T1547.009
  Software - T1592.002
  Spearphishing Link - T1566.002
  Spearphishing Link - T1598.003
  Visual Basic - T1059.005
  Web Service - T1481
  Unsecured Credentials - T1552
  Tool - T1588.002
  Account Discovery - T1087
  Application Window Discovery - T1010
  Binary Padding - T1009
  Clipboard Data - T1115
  Credentials In Files - T1081
  Deobfuscate/Decode Files Or Information - T1140
  Dll Side-Loading - T1073
  Exfiltration Over Command And Control Channel - T1041
  Input Capture - T1056
  Standard Non-Application Layer Protocol - T1095
  Registry Run Keys / Start Folder - T1060
  Screen Capture - T1113
  Shortcut Modification - T1023
  Spearphishing Link - T1192
  System Information Discovery - T1082
  System Owner/User Discovery - T1033
  System Time Discovery - T1124
  Web Service - T1102
  User Execution - T1204
  Screen Capture User Execution
Common Information
Type Value
UUID 9fb484f3-d6b5-4e89-879b-27c866eec26a
Fingerprint c79174b28cd186cd
Analysis status DONE
Considered CTI value 2
Text language
Published April 6, 2021, 11:30 a.m.
Added to db Sept. 11, 2022, 12:44 p.m.
Last updated Nov. 17, 2024, 11:40 p.m.
Headline Janeleiro, the time traveler: A new old banking trojan in Brazil
Title Janeleiro, the time traveler: A new old banking trojan in Brazil | WeLiveSecurity
Detected Hints/Tags/Attributes 146/4/93
Attributes
Type                     #Events  Value
Domain                   56       vb.net
Domain                   114      eset.com
Domain                   2        recuperaglobaldanfeonline.eastus.cloudapp.azure.com
Domain                   2        protocolo-faturamento-servico.brazilsouth.cloudapp.azure.com
Domain                   2        acessoriapremierfantasiafaturas.eastus.cloudapp.azure.com
Domain                   2        portalrotulosfechamento.eastus.cloudapp.azure.com
Domain                   2        servicosemitidosglobalnfe.southcentralus.cloudapp.azure.com
Domain                   2        emissaocomprovanteatrasado.eastus.cloudapp.azure.com
Domain                   2        emitidasfaturasfevereiro.brazilsouth.cloudapp.azure.com
Domain                   2        dinamicoscontratosvencidos.brazilsouth.cloudapp.azure.com
Domain                   2        arquivosemitidoscomsucesso.eastus.cloudapp.azure.com
Domain                   2        fatura-digital-arquiv-lo.brazilsouth.cloudapp.azure.com
Domain                   2        nota-eletronica-servicos.brazilsouth.cloudapp.azure.com
Domain                   2        eletronicadanfe.brazilsouth.cloudapp.azure.com
Domain                   2        tasoofile.us-east-1.elasticbeanstalk.com
Domain                   2        slkvemnemim.us-east-1.elasticbeanstalk.com
Domain                   2        checa-env.cf3tefmhmr.eu-north-1.elasticbeanstalk.com
Domain                   2        comunicador.duckdns.org
Email                    69       threatintel@eset.com
File                     271      chrome.exe
File                     5        console.exe
File                     2        loaddllmsi.dll
File                     18       system.log
File                     2        ins.ini
File                     2        tial.dll
File                     2        modules.ini
File                     2        nfedown.php
File                     2        ins.dll
File                     3        checkuser.php
File                     1206     index.php
File                     1        loadsystem.dll
File                     1        logins.ini
sha1                     1        cf117e5ca26594f497e0f15106518fee52b88d8d
sha1                     1        d16ac192499192f06a3903192a4aa57a28ccca5a
sha1                     1        462d6ad77860d3d523d2cafbc227f012952e513c
sha1                     1        0a5bbec328fdd4e8b2379af770df8b180411b05d
sha1                     1        0aa349050b7ef173bfa34b92687554e81eeb28ff
sha1                     1        5b19e2d1950add701864d5f0f18a1111aaabea28
sha1                     1        186e590239083a5b54971cab66a58301230164c2
sha1                     1        e1b2fd94f16237379e4cad6832a6fce7f543dc40
sha1                     1        4061b2fbeb7f1026e54ee928867169d1b001b7a5
sha1                     1        8674e61b421a905da8b866a194680d08d27d77ae
sha1                     1        2e5f7d5f680152e738b8910e694651d48126382a
sha1                     1        06e4f11a2a6ef8284c6aac5a924d186410257650
sha1                     1        291a5f0df18cc68fa0da1b7f401ead17c9fbdd7f
sha1                     1        fb246a5a1105b83dfa8032394759dbc23ab81529
sha1                     1        6f6ff405f6da50b517e82ff9d1a546d8f13ec3f7
sha1                     1        742e0aedc8970d47f16f5549a6b61d839485de3c
sha1                     1        455faf2a741c28ba1efce8635ac0fce935c080ff
sha1                     1        d71eb97fc1f5fe50d608518d2820cb96f2a3376f
sha1                     1        158da5ab85bfac471dc2b2ee66fd99aef7432dbb
sha1                     1        6bfaefcc0930da5a2baec19723c8c835a003d1ec
IPv4                     2        52.204.58.11
IPv4                     2        35.174.60.172
IPv4                     2        178.79.178.203
IPv4                     2        138.197.101.4
MITRE ATT&CK Techniques  21       T1584.004
MITRE ATT&CK Techniques  183      T1566.002
MITRE ATT&CK Techniques  106      T1204.001
MITRE ATT&CK Techniques  380      T1547.001
MITRE ATT&CK Techniques  30       T1547.009
MITRE ATT&CK Techniques  504      T1140
MITRE ATT&CK Techniques  125      T1555.003
MITRE ATT&CK Techniques  89       T1552.001
MITRE ATT&CK Techniques  22       T1087.003
MITRE ATT&CK Techniques  75       T1010
MITRE ATT&CK Techniques  1006     T1082
MITRE ATT&CK Techniques  230      T1033
MITRE ATT&CK Techniques  86       T1124
MITRE ATT&CK Techniques  82       T1115
MITRE ATT&CK Techniques  118      T1056.001
MITRE ATT&CK Techniques  219      T1113
MITRE ATT&CK Techniques  11       T1056.002
MITRE ATT&CK Techniques  159      T1095
MITRE ATT&CK Techniques  18       T1102.001
MITRE ATT&CK Techniques  422      T1041
Url                      2        https://recuperaglobaldanfeonline.eastus.cloudapp.azure.com/nfedown.php?dw=
Url                      2        https://protocolo-faturamento-servico.brazilsouth.cloudapp.azure.com/nfedown.php?dw=
Url                      2        https://acessoriapremierfantasiafaturas.eastus.cloudapp.azure.com/nfedown.php?dw=
Url                      2        https://portalrotulosfechamento.eastus.cloudapp.azure.com/nfedown.php?dw=
Url                      2        https://servicosemitidosglobalnfe.southcentralus.cloudapp.azure.com/nfedown.php?dw=
Url                      2        https://emissaocomprovanteatrasado.eastus.cloudapp.azure.com/nfedown.php?dw=
Url                      2        https://emitidasfaturasfevereiro.brazilsouth.cloudapp.azure.com/nfedown.php?dw=
Url                      2        https://dinamicoscontratosvencidos.brazilsouth.cloudapp.azure.com/nfedown.php?dw=
Url                      2        https://arquivosemitidoscomsucesso.eastus.cloudapp.azure.com/nfedown.php?dw=
Url                      2        https://fatura-digital-arquiv-lo.brazilsouth.cloudapp.azure.com/nfedown.php?dw=
Url                      2        https://nota-eletronica-servicos.brazilsouth.cloudapp.azure.com/nfedown.php?dw=
Url                      2        https://eletronicadanfe.brazilsouth.cloudapp.azure.com/nfedown.php?dw=
Url                      2        http://tasoofile.us-east-1.elasticbeanstalk.com/count
Url                      2        http://slkvemnemim.us-east-1.elasticbeanstalk.com/count
Url                      2        http://checa-env.cf3tefmhmr.eu-north-1.elasticbeanstalk.com/cnt
Url                      2        http://comunicador.duckdns.org/catalista/emails/checkuser.php
Url                      2        http://comunicador.duckdns.org/catalista/lixo/index.php