← Back to Pulse Feed
PULSE DETAIL
PULSE NAME
ACTIVIDAD MALICIOSA | Relacionada con troyano bancario "Coyote" 05-02-2024
WHITE esoporteingenieria2020 2025-02-05 Modified: 2025-02-05
19
IOCs
MEDIUM VOLUME
Coyote es un troyano bancario diseñado para robar información financiera, específicamente de más de 60 bancos brasileños. Su infección comienza con la utilización de Squirrel, un instalador legítimo, para ejecutar código JavaScript ofuscado que permite la carga lateral de DLL maliciosas. Una vez en el sistema, el malware establece persistencia y se conecta a su servidor de C&C para monitorear aplicaciones financieras y extraer credenciales mediante técnicas como keylogging, superposiciones de phishing y manipulación de ventanas.
accessta0001 initialta0005 defenset1003 ost1005 datalocal systemt1055 processinjectiont1056 inputcapture
MITRE ATT&CK & Malware Families
ATT&CK TECHNIQUES
MALWARE FAMILIES
Coyote
Indicators of Compromise (19)
All FileHash-MD5 FileHash-SHA1 FileHash-SHA256 domain
TYPEINDICATORDESCRIPTIONCREATED
FileHash-MD5 071b6efd6d3ace1ad23ee0d6d3eead76 MD5 of 110b616bc12c29b070b0dc60c197a4d63b3e3caae6bb80a25b8864489a51da79 2025-02-05
FileHash-MD5 276f14d432601003b6bf0caa8cd82fec MD5 of 1bed3755276abd9b54db13882fcf29c543ebf604be3b7fcf060cbd6d68bcd23f 2025-02-05
FileHash-MD5 5134e6925ff1397fdda0f3b48afec87b MD5 of 1d59bc782e532780da0364b14a1b474a8cb8a5af50c8124159bf5d943bd050f7 2025-02-05
FileHash-MD5 bf9c9cc94056bcdae6e579e724e8dbbd MD5 of eb615c093e9b52ed409f426764857e6e42aa85e02adef59d6f1457dcbb90bb40 2025-02-05
FileHash-SHA1 076b4c3a7cb4c5847b197e32a2849c460a40d84d SHA1 of 110b616bc12c29b070b0dc60c197a4d63b3e3caae6bb80a25b8864489a51da79 2025-02-05
FileHash-SHA1 bd30ada16bfd7de0224bbdaa67245f898546a8bb SHA1 of 1bed3755276abd9b54db13882fcf29c543ebf604be3b7fcf060cbd6d68bcd23f 2025-02-05
FileHash-SHA1 e443dc35f4d1456284d93463392f137e9c9eb883 SHA1 of 1d59bc782e532780da0364b14a1b474a8cb8a5af50c8124159bf5d943bd050f7 2025-02-05
FileHash-SHA1 ee340d0cc2f5f807845a87ef8ff46579a8701939 SHA1 of eb615c093e9b52ed409f426764857e6e42aa85e02adef59d6f1457dcbb90bb40 2025-02-05
FileHash-SHA256 110b616bc12c29b070b0dc60c197a4d63b3e3caae6bb80a25b8864489a51da79 2025-02-05
FileHash-SHA256 1bed3755276abd9b54db13882fcf29c543ebf604be3b7fcf060cbd6d68bcd23f 2025-02-05
FileHash-SHA256 1d59bc782e532780da0364b14a1b474a8cb8a5af50c8124159bf5d943bd050f7 2025-02-05
FileHash-SHA256 eb615c093e9b52ed409f426764857e6e42aa85e02adef59d6f1457dcbb90bb40 2025-02-05
domain atendesolucao.com 2025-02-05
domain centralsolucao.com 2025-02-05
domain diadaacaodegraca.com 2025-02-05
domain dowfinanceiro.com 2025-02-05
domain segurancasys.com 2025-02-05
domain servicoasso.com 2025-02-05
domain traktinves.com 2025-02-05
References (2)
↗ https://darfe.es/ciberwiki/index.php?title=Coyote ↗ https://www.virustotal.com/graph/embed/ga2edcf8873ee488dabfad5df88b99251adcff929e62f465f9de37edcbdf7a923?theme=dark