← Back to Pulse Feed
PULSE DETAIL
PULSE NAME
Inside Banana RAT: From Build Server to Banking Fraud
WHITE SHADOW-WATER-063 Tr1sa111 2026-05-21 Modified: 2026-05-21
11
IOCs
MEDIUM VOLUME
fastapipix qr interceptionmekotiograndoreirobrazilian banking trojanguildmatetradepowershellfinancial fraudcasbaneirobanana ratchavecloakpolymorphic payload
MITRE ATT&CK & Malware Families
ATT&CK TECHNIQUES
MALWARE FAMILIES
Banana RAT Grandoreiro - S0531 Mekotio Metamorfo - S0455 Casbaneiro Astaroth - S0373 Guildma CHAVECLOAK
Indicators of Compromise (4 / 11 total)
All FileHash-SHA256 IPv4 URL domain hostname
TYPEINDICATORDESCRIPTIONCREATED
FileHash-SHA256 38dfeb772afbd01c04eddda120d283acfb1147a6dc3d54ac62fe23ad06e39d8f 2026-05-21
FileHash-SHA256 4912b1134e69ade7266e8508eec33ccb2d80ad693f1dbc4f1f4344c6dfcf2ff1 2026-05-21
FileHash-SHA256 d7545b6dacebdae27effb3c778c5e349027ec789c76ae4f777bd9ba56a70cdaa 2026-05-21
FileHash-SHA256 ecdc8fade561a75d68235859ad8b1fe131db2c458b4894268e38e90ecab1c47f 2026-05-21
References (1)
↗ https://www.trendmicro.com/en_us/research/26/e/banana-rat.html