← Back to Pulse Feed
PULSE DETAIL
PULSE NAME
A multi-stage banking Trojan abusing the Squirrel installer
WHITE AlienVault 2024-02-08 Modified: 2024-02-08
15
IOCs
MEDIUM VOLUME
A new banking Trojan called Coyote utilizes the Squirrel installer for distribution and leverages NodeJS and the Nim programming language as a loader to infect victims. It specifically targets users of over 60 banking institutions in Brazil. Coyote achieves persistence by abusing Windows logon scripts and monitors banking applications, sending info to C2 servers which respond with actions like keylogging and screenshots.
brazilnimcoyotefinancial malwaresquirrelnodejstrojan
MITRE ATT&CK & Malware Families
ATT&CK TECHNIQUES
MALWARE FAMILIES
Coyote
Indicators of Compromise (15)
All FileHash-MD5 FileHash-SHA1 FileHash-SHA256 domain
TYPEINDICATORDESCRIPTIONCREATED
FileHash-MD5 071b6efd6d3ace1ad23ee0d6d3eead76 2024-02-08
FileHash-MD5 276f14d432601003b6bf0caa8cd82fec 2024-02-08
FileHash-MD5 5134e6925ff1397fdda0f3b48afec87b 2024-02-08
FileHash-MD5 bf9c9cc94056bcdae6e579e724e8dbbd 2024-02-08
FileHash-SHA1 bd30ada16bfd7de0224bbdaa67245f898546a8bb 2024-02-08
FileHash-SHA1 ee340d0cc2f5f807845a87ef8ff46579a8701939 2024-02-08
FileHash-SHA256 1bed3755276abd9b54db13882fcf29c543ebf604be3b7fcf060cbd6d68bcd23f 2024-02-08
FileHash-SHA256 eb615c093e9b52ed409f426764857e6e42aa85e02adef59d6f1457dcbb90bb40 2024-02-08
domain atendesolucao.com 2024-02-08
domain centralsolucao.com 2024-02-08
domain diadaacaodegraca.com 2024-02-08
domain dowfinanceiro.com 2024-02-08
domain segurancasys.com 2024-02-08
domain servicoasso.com 2024-02-08
domain traktinves.com 2024-02-08
References (1)
↗ https://securelist.com/coyote-multi-stage-banking-trojan/111846/