ioc[.]one - OSINT Cyber Threat Intelligence Database

NovaLoader—A Brazilian Banking Malware | Zscaler Blog

Tags

maec-delivery-vectors:	Watering Hole
attack-pattern:	Data Credentials - T1589.001 Dynamic Dns - T1311 Dynamic Dns - T1333 Malware - T1587.001 Malware - T1588.001 Phishing - T1660 Phishing - T1566 Powershell - T1059.001 Rundll32 - T1218.011 Server - T1583.004 Server - T1584.004 Software - T1592.002 Visual Basic - T1059.005 Powershell - T1086 Rundll32 - T1085 Scripting - T1064 Windows Management Instrumentation - T1047 Scripting

Show in Graph

Common Information

Type	Value
UUID	cce4d1d0-032f-4972-acc7-7e84457683f9
Fingerprint	ac472908a1af0684
Analysis status	DONE
Considered CTI value	2
Text language
Published	April 24, 2019, midnight
Added to db	Jan. 19, 2023, 12:03 a.m.
Last updated	Nov. 17, 2024, 6:54 p.m.
Headline	NovaLoader, yet another Brazilian banking malware family
Title	NovaLoader—A Brazilian Banking Malware \| Zscaler Blog
Detected Hints/Tags/Attributes	43/2/67

Source URLs

	Redirection	Url
Details	Source	https://www.zscaler.com/blogs/research/novaloader-yet-another-brazilian-banking-malware-family

URL Provider

Details	Provider	Source level domain
Details	zscaler.com	www.zscaler.com

Attributes

Details	Type	#Events	Value
Details	Domain	1	dwosgraumellsa.club
Details	Domain	1	32atendimentodwosgraumell.club
Details	Domain	1	mi5a1.zip
Details	Domain	1	mi5asq.zip
Details	Domain	1	sq.zip
Details	Domain	1	www.bancoguanabara.com.br
Details	Domain	1	wn5zweb.online
Details	File	1	cabaco2.txt
Details	File	1	contaw.php
Details	File	1018	rundll32.exe
Details	File	5	magnification.dll
Details	File	1	mi5a.php
Details	File	12	4.zip
Details	File	1	mi5a1.zip
Details	File	45	1.zip
Details	File	1	mi5asq.zip
Details	File	1	sq.zip
Details	File	1	contaw2.php
Details	File	1	contaw3.php
Details	File	1	contaw4.php
Details	File	1	contaw5.php
Details	File	1	contaw6.php
Details	File	1	contaw7.php
Details	File	1	dst.exe
Details	File	1	mwg.dll
Details	File	1	winx86.dll
Details	File	1	prt1.txt
Details	File	1	prt3.txt
Details	File	1	works1.txt
Details	File	1	vdb1.txt
Details	File	1	gdo1.txt
Details	md5	1	4ef89349a52f9fcf9a139736e236217e
Details	md5	1	51138BEEA3E2C21EC44D0932C71762A8
Details	md5	1	3DC26D510907EAAC8FDC853D5F378A83
Details	md5	1	A34F1D7ED718934185EC96984E232784
Details	md5	1	89473D02FEB24CE5BDE8F7A559631351
Details	md5	1	F3F571288CDE445881102E385BF3471F
Details	md5	1	8C03B522ACB4DDC7F07AB391E79F1601
Details	md5	1	F3D4520313D05C66CEBA8BDA748C0EA9
Details	md5	1	87F9E5A6318AC1EC5EE05AA94A919D7A
Details	md5	1	60e5f9fe1b778b4dc928f9d4067b470b
Details	md5	1	100ff8b5eeed3fba85a1f64db319ff40
Details	md5	1	99471d4f03fb5ac5a409a79100cd9349
Details	md5	1	cb2ef5d8a227442d0156de82de526b30
Details	md5	1	a16273279d6fe8fa12f37c57345d42f7
Details	md5	1	ac4152492e9a2c4ed1ff359ee7e990d1
Details	md5	1	fdace867e070df4bf3bdb1ed0dbdb51c
Details	md5	1	4d5d1dfb84ef69f7c47c68e730ec1fb7
Details	md5	1	6bf65db5511b06749711235566a6b438
Details	md5	1	c5a573d622750973d90af054a09ab8dd
Details	md5	1	ef5f2fd7b0262a5aecc32e879890fb40
Details	md5	1	35803b81efc043691094534662e1351c
Details	md5	1	34340c9045d665b800fcdb8c265eebec
Details	md5	1	a71e09796fb9f8527afdfdd29c727787
Details	md5	1	5a9f779b9cb2b091c9c1eff32b1f9754
Details	md5	1	a7117788259030538601e8020035867e
Details	md5	1	cb9f95cec3debc96ddc1773f6c681d8c
Details	md5	1	a7722ea1ca64fcd7b7ae2d7c86f13013
Details	IPv4	1	54.95.36.242
Details	IPv4	1	185.141.195.5
Details	IPv4	1	185.141.195.81
Details	IPv4	1	185.141.195.74
Details	IPv4	1	23.94.243.101
Details	IPv4	1	167.114.31.95
Details	IPv4	1	167.114.31.93
Details	Url	1	http://54.95.36.242/contaw.php
Details	Url	1	http://www.bancoguanabara.com.br