← Back to Pulse Feed
PULSE DETAIL
PULSE NAME
A multi-stage banking Trojan abusing the Squirrel installer
WHITE AlienVault 2024-02-08 Modified: 2024-02-08
15
IOCs
MEDIUM VOLUME
A new banking Trojan called Coyote utilizes the Squirrel installer for distribution and leverages NodeJS and the Nim programming language as a loader to infect victims. It specifically targets users of over 60 banking institutions in Brazil. Coyote achieves persistence by abusing Windows logon scripts and monitors banking applications, sending info to C2 servers which respond with actions like keylogging and screenshots.
brazilnimcoyotefinancial malwaresquirrelnodejstrojan
MITRE ATT&CK & Malware Families
ATT&CK TECHNIQUES
MALWARE FAMILIES
Coyote
Indicators of Compromise (4 / 15 total)
All FileHash-MD5 FileHash-SHA1 FileHash-SHA256 domain
TYPEINDICATORDESCRIPTIONCREATED
FileHash-MD5 071b6efd6d3ace1ad23ee0d6d3eead76 2024-02-08
FileHash-MD5 276f14d432601003b6bf0caa8cd82fec 2024-02-08
FileHash-MD5 5134e6925ff1397fdda0f3b48afec87b 2024-02-08
FileHash-MD5 bf9c9cc94056bcdae6e579e724e8dbbd 2024-02-08
References (1)
↗ https://securelist.com/coyote-multi-stage-banking-trojan/111846/