The Perfect ‘Inside Job’ Banking Malware - Check Point Research
Tags
| country: | Brazil Portugal |
| maec-delivery-vectors: | Watering Hole |
| attack-pattern: | Data Credentials - T1589.001 Malware - T1587.001 Malware - T1588.001 Phishing - T1660 Phishing - T1566 Server - T1583.004 Server - T1584.004 Software - T1592.002 |
Common Information
| Type | Value |
|---|---|
| UUID | c890628b-c539-4c72-bef9-e191d0cef9ad |
| Fingerprint | fc254f138ca387c5 |
| Analysis status | DONE |
| Considered CTI value | 0 |
| Text language | |
| Published | Oct. 19, 2017, 12:01 a.m. |
| Added to db | Jan. 18, 2023, 10:15 p.m. |
| Last updated | Nov. 17, 2024, 6:55 p.m. |
| Headline | The Perfect ‘Inside Job’ Banking Malware |
| Title | The Perfect ‘Inside Job’ Banking Malware - Check Point Research |
| Detected Hints/Tags/Attributes | 55/3/52 |
Source URLs
| Redirection | Url | |
|---|---|---|
| Details | Source | https://research.checkpoint.com/perfect-inside-job-banking-malware/ |
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 1 | aapj.bb.com.br |
|
| Details | Domain | 1 | www.santandernetibe.com.br |
|
| Details | Domain | 1 | www.ib2.bradesco.com.br |
|
| Details | Domain | 1 | ww7.banrisul.com.br |
|
| Details | Domain | 1 | wwws5.hsbc.com.br |
|
| Details | Domain | 1 | internetbanking.caixa.gov.br |
|
| Details | Domain | 5 | bancobrasil.com.br |
|
| Details | Domain | 1 | www.santanderempresarial.com.br |
|
| Details | Domain | 2 | www.santandernet.com.br |
|
| Details | Domain | 1 | www.brasil.citibank.com |
|
| Details | Domain | 6 | index.do |
|
| Details | Domain | 1 | internet.sicreditotal.com.br |
|
| Details | Domain | 1 | ibpf.sicredi.com.br |
|
| Details | Domain | 1 | wwws3.hsbc.com.br |
|
| Details | Domain | 1 | ib.sicoobnet.com.br |
|
| Details | Domain | 5 | itau.com.br |
|
| Details | Domain | 2 | www.citibank.com.br |
|
| Details | Domain | 1 | www.ne2.bradesconetempresa.b.br |
|
| Details | Domain | 1 | ww8.banrisul.com.br |
|
| Details | File | 1 | vprintproxy.exe |
|
| Details | File | 3 | vm.png |
|
| Details | File | 3 | vmwarebase.dll |
|
| Details | File | 3 | prs.png |
|
| Details | File | 1260 | explorer.exe |
|
| Details | File | 380 | notepad.exe |
|
| Details | File | 2 | gbs.png |
|
| Details | File | 1 | c:\users\public\administrator\car.dat |
|
| Details | File | 137 | conhost.exe |
|
| Details | File | 117 | taskmgr.exe |
|
| Details | File | 19 | msconfig.exe |
|
| Details | File | 79 | regedit.exe |
|
| Details | File | 10 | ccleaner.exe |
|
| Details | File | 8 | ccleaner64.exe |
|
| Details | File | 55 | dwm.exe |
|
| Details | File | 263 | iexplore.exe |
|
| Details | File | 199 | firefox.exe |
|
| Details | File | 271 | chrome.exe |
|
| Details | File | 73 | opera.exe |
|
| Details | File | 23 | safari.exe |
|
| Details | File | 1 | netexpress50.exe |
|
| Details | File | 2 | aplicativobradesco.exe |
|
| Details | File | 6 | itauaplicativo.exe |
|
| Details | File | 13 | office.exe |
|
| Details | File | 44 | javaw.exe |
|
| Details | File | 1 | identificacao.js |
|
| Details | File | 1 | brbwe4hw.aspx |
|
| Details | File | 1 | hsbc-online-cnb.html |
|
| Details | File | 24 | login.jsp |
|
| Details | File | 1 | bklcom.dll |
|
| Details | File | 4 | home.js |
|
| Details | File | 8 | login.js |
|
| Details | Windows Registry Key | 1 | HKCU\Software\Trilian |