← Back to Pulse Feed
PULSE DETAIL
PULSE NAME
TCLBANKER: Brazilian Banking Trojan Spreading via WhatsApp and Outlook — Elastic Security Labs
WHITE CyberHunter_NL 2026-05-11 Modified: 2026-05-11
25
IOCs
MEDIUM VOLUME
tclbankercloudflareref3076whatsapp weboutlook emailwhatsapp botx32dbgcom interopmachinenameusernamewormbypassnextverifyilspycheatenginepersistencekilldeltaenumeratecontact
Indicators of Compromise (25)
All IPv4 FileHash-MD5 FileHash-SHA1 FileHash-SHA256 URL domain hostname
TYPEINDICATORDESCRIPTIONCREATED
IPv4 191.96.224.96 CC=BR ASN=AS270353 tyna host - datacenter no brasil 2026-05-11
FileHash-MD5 1b143123e7d27f4e9eb429afe465c483 MD5 of 668f932433a24bbae89d60b24eee4a24808fc741f62c5a3043bb7c9152342f40 2026-05-11
FileHash-MD5 87d4f447e11e571dc12f8d1985299ad0 MD5 of 63beb7372098c03baab77e0dfc8e5dca5e0a7420f382708a4df79bed2d900394 2026-05-11
FileHash-MD5 d2ca15781ebc104a7031c8982dafa8ab MD5 of 8a174aa70a4396547045aef6c69eb0259bae1706880f4375af71085eeb537059 2026-05-11
FileHash-MD5 e0d1eedaa0c1f98f50726df729594edc MD5 of 701d51b7be8b034c860bf97847bd59a87dca8481c4625328813746964995b626 2026-05-11
FileHash-SHA1 22f6e2b777f86fe5445a5823b988c5618ed05317 SHA1 of 668f932433a24bbae89d60b24eee4a24808fc741f62c5a3043bb7c9152342f40 2026-05-11
FileHash-SHA1 4544e11195c4ccea90a0482a6ab2d38cc0e5f253 SHA1 of 8a174aa70a4396547045aef6c69eb0259bae1706880f4375af71085eeb537059 2026-05-11
FileHash-SHA1 5c9a4742edde81e56dc3ca7367e085187a7f0dda SHA1 of 63beb7372098c03baab77e0dfc8e5dca5e0a7420f382708a4df79bed2d900394 2026-05-11
FileHash-SHA1 91fafaa1240676afe5c55d931261e3798797c408 2026-05-11
FileHash-SHA1 94f21c140afd18b43d5a0f274216545442b3f6cd SHA1 of 701d51b7be8b034c860bf97847bd59a87dca8481c4625328813746964995b626 2026-05-11
FileHash-SHA256 63beb7372098c03baab77e0dfc8e5dca5e0a7420f382708a4df79bed2d900394 2026-05-11
FileHash-SHA256 668f932433a24bbae89d60b24eee4a24808fc741f62c5a3043bb7c9152342f40 2026-05-11
FileHash-SHA256 701d51b7be8b034c860bf97847bd59a87dca8481c4625328813746964995b626 2026-05-11
FileHash-SHA256 8a174aa70a4396547045aef6c69eb0259bae1706880f4375af71085eeb537059 2026-05-11
URL http://mxtestacionamentos.com/ws 2026-05-11
URL https://arquivos-omie.com 2026-05-11
domain afonsoferragista.com 2026-05-11
domain arquivos-omie.com 2026-05-11
domain doccompartilhe.com 2026-05-11
domain documentos-online.com 2026-05-11
domain mxtestacionamentos.com 2026-05-11
domain recebamais.com 2026-05-11
domain saogeraldoshiping.com 2026-05-11
domain worker.dev 2026-05-11
hostname window.navigator.chrome 2026-05-11
References (1)
↗ https://www.elastic.co/security-labs/tclbanker-brazilian-banking-trojan