Malteiro

Malteiro is a financially motivated criminal group that is likely based in Brazil and has been active since at least November 2019. The group operates and distributes the Mispadu banking trojan via a Malware-as-a-Service (MaaS) business model. Malteiro mainly targets victims throughout Latin America (particularly Mexico) and Europe (particularly Spain and Portugal).[1]

ID: G1026
Contributors: Daniel Fernando Soriano Espinosa; SCILabs
Version: 1.0
Created: 13 March 2024
Last Modified: 29 March 2024

Techniques Used

| Domain | ID | Name | Use |
|---|---|---|---|
| Enterprise | T1059.005 | Command and Scripting Interpreter: Visual Basic | Malteiro has utilized a dropper containing malicious VBS scripts.[1] |
| Enterprise | T1555 | Credentials from Password Stores | Malteiro has obtained credentials from mail clients via NirSoft MailPassView.[1] |
| Enterprise | T1555.003 | Credentials from Password Stores: Credentials from Web Browsers | Malteiro has stolen credentials stored in the victim's browsers via the NirSoft WebBrowserPassView tool.[1] |
| Enterprise | T1140 | Deobfuscate/Decode Files or Information | Malteiro has the ability to deobfuscate downloaded files prior to execution.[1] |
| Enterprise | T1657 | Financial Theft | Malteiro targets organizations in a wide variety of sectors via the use of the Mispadu banking trojan with the goal of financial theft.[1] |
| Enterprise | T1027.013 | Obfuscated Files or Information: Encrypted/Encoded File | Malteiro has used scripts encoded in Base64 certificates to distribute malware to victims.[2] |
| Enterprise | T1566.001 | Phishing: Spearphishing Attachment | Malteiro has sent spearphishing emails containing malicious .zip files.[1] |
| Enterprise | T1055.001 | Process Injection: Dynamic-link Library Injection | Malteiro has injected Mispadu's DLL into a process.[1] |
| Enterprise | T1518.001 | Software Discovery: Security Software Discovery | Malteiro collects the installed antivirus product on the victim machine.[1] |
| Enterprise | T1082 | System Information Discovery | Malteiro collects machine information: the system architecture, OS version, computer name, and Windows product name.[1] |
| Enterprise | T1614.001 | System Location Discovery: System Language Discovery | Malteiro will terminate Mispadu's infection process if the language of the victim machine is not Spanish or Portuguese.[1] |
| Enterprise | T1204.002 | User Execution: Malicious File | Malteiro has relied on users to execute .zip file attachments containing malicious URLs.[1] |
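The technique rows above translate fairly directly into host-side detections. The following is an added example (not content from the ATT&CK page, SCILabs, or the cited reports): a small rule pass over constructed Sysmon-style process-creation events that flags the VBS-from-temp execution (T1059.005 / T1204.002), the NirSoft password-recovery tools (T1555 / T1555.003), and rundll32 loading a DLL from a user-writable path (T1055.001, and the Rundll32 proxy execution listed for Mispadu), then ranks hits using the T1614.001 language check in reverse: hosts with a Spanish or Portuguese UI language are the ones on which the infection would proceed. The event field names, the `mailpv.exe` / `WebBrowserPassView.exe` default binary names, and the sample events are assumptions or constructed values.

```python
"""Added example (not ATT&CK content): detection rules keyed to the Malteiro
technique table, run over constructed Sysmon-style process-creation events.
Field names on ProcEvent are assumptions about what the host agent logs."""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class ProcEvent:
    image: str         # full path of the new process
    cmdline: str       # command line as logged
    parent: str        # parent process image
    description: str   # file-version "Description" string (assumed logged, as Sysmon does)
    ui_language: str   # host UI language, e.g. "es-MX" (assumed enrichment from the agent)


def _basename(path: str) -> str:
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


# User-writable locations where a .zip attachment is typically extracted
USER_WRITABLE = re.compile(r"\\(users\\[^\\]+\\appdata|temp|programdata)\\", re.IGNORECASE)


def rule_vbs_from_user_dir(e: ProcEvent) -> bool:
    """T1059.005 / T1204.002: a script host running a .vbs from a user-writable path."""
    return (_basename(e.image) in ("wscript.exe", "cscript.exe")
            and re.search(r"\.vbs\b", e.cmdline, re.IGNORECASE) is not None
            and USER_WRITABLE.search(e.cmdline) is not None)


def rule_nirsoft_passview(e: ProcEvent) -> bool:
    """T1555 / T1555.003: NirSoft MailPassView or WebBrowserPassView on the host.
    Checks the assumed default binary names and the version-info description,
    because the executables are commonly renamed before delivery."""
    desc = e.description.lower().replace(" ", "")
    return (_basename(e.image) in ("mailpv.exe", "webbrowserpassview.exe")
            or "mailpassview" in desc or "webbrowserpassview" in desc)


def rule_rundll32_user_dll(e: ProcEvent) -> bool:
    """T1055.001 / Rundll32 proxy execution: rundll32 handed a DLL in a user-writable path."""
    return _basename(e.image) == "rundll32.exe" and USER_WRITABLE.search(e.cmdline) is not None


RULES = [
    ("T1059.005", "VBS run by a script host from a user-writable directory", rule_vbs_from_user_dir),
    ("T1555.003", "NirSoft password-recovery tool executed", rule_nirsoft_passview),
    ("T1055.001", "rundll32 loading a DLL from a user-writable directory", rule_rundll32_user_dll),
]


def language_priority(ui_language: str) -> str:
    """T1614.001 in reverse: Mispadu aborts unless the host language is Spanish or
    Portuguese, so hits on such hosts are the ones most likely to progress."""
    return "high" if ui_language.lower()[:2] in ("es", "pt") else "normal"


def detect(events):
    """Return (technique id, reason, priority, cmdline) for every rule that fires."""
    hits = []
    for e in events:
        for tid, reason, rule in RULES:
            if rule(e):
                hits.append((tid, reason, language_priority(e.ui_language), e.cmdline))
    return hits


# Constructed sample events (not real telemetry): three suspicious, two benign
SAMPLE_EVENTS = [
    ProcEvent(r"C:\Windows\System32\wscript.exe",
              r'"C:\Windows\System32\wscript.exe" "C:\Users\ana\AppData\Local\Temp\factura_0423\factura.vbs"',
              r"C:\Windows\explorer.exe", "Microsoft Windows Based Script Host", "es-MX"),
    ProcEvent(r"C:\Users\ana\AppData\Local\Temp\upd.exe",
              r'"C:\Users\ana\AppData\Local\Temp\upd.exe" /stext out.txt',
              r"C:\Windows\System32\wscript.exe", "Mail PassView", "es-MX"),
    ProcEvent(r"C:\Windows\System32\rundll32.exe",
              r'rundll32.exe "C:\Users\ana\AppData\Roaming\Dados\core.dll",Run',
              r"C:\Windows\System32\wscript.exe", "Windows host process (Rundll32)", "pt-BR"),
    ProcEvent(r"C:\Windows\System32\svchost.exe", "svchost.exe -k netsvcs",
              r"C:\Windows\System32\services.exe", "Host Process for Windows Services", "en-US"),
    ProcEvent(r"C:\Windows\System32\cscript.exe",
              r'cscript.exe "C:\Program Files\Vendor\maint.vbs"',
              r"C:\Windows\System32\cmd.exe", "Microsoft Console Based Script Host", "en-US"),
]

if __name__ == "__main__":
    for hit in detect(SAMPLE_EVENTS):
        print(hit)
```

The path filter is what keeps the VBS rule from firing on the legitimate vendor script in the last sample: the same script host is used, but the script does not come from a location where an extracted attachment would land. The description match in the NirSoft rule is the part that matters in practice, since the renamed `upd.exe` in the second sample would pass a filename-only check.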

Software

| ID | Name | References | Techniques |
|---|---|---|---|
| S1122 | Mispadu | [1] | Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder, Browser Information Discovery, Clipboard Data, Command and Scripting Interpreter: Visual Basic, Credentials from Password Stores: Credentials from Web Browsers, Credentials from Password Stores, Deobfuscate/Decode Files or Information, Encrypted Channel: Asymmetric Cryptography, Exfiltration Over C2 Channel, File and Directory Discovery, Input Capture: Keylogging, Input Capture: GUI Input Capture, Native API, Obfuscated Files or Information: Encrypted/Encoded File, Phishing: Spearphishing Link, Process Discovery, Process Injection, Screen Capture, Software Discovery: Security Software Discovery, Software Extensions: Browser Extensions, System Binary Proxy Execution: Msiexec, System Binary Proxy Execution: Rundll32, System Information Discovery, System Location Discovery: System Language Discovery, User Execution: Malicious File, Virtualization/Sandbox Evasion: System Checks |

References
