← Back to Pulse Feed
PULSE DETAIL
PULSE NAME
Inside Banana RAT: From Build Server to Banking Fraud
WHITE SHADOW-WATER-063 Tr1sa111 2026-05-21 Modified: 2026-05-21
11
IOCs
MEDIUM VOLUME
fastapipix qr interceptionmekotiograndoreirobrazilian banking trojanguildmatetradepowershellfinancial fraudcasbaneirobanana ratchavecloakpolymorphic payload
MITRE ATT&CK & Malware Families
ATT&CK TECHNIQUES
MALWARE FAMILIES
Banana RAT Grandoreiro - S0531 Mekotio Metamorfo - S0455 Casbaneiro Astaroth - S0373 Guildma CHAVECLOAK
Indicators of Compromise (3 / 11 total)
All FileHash-SHA256 IPv4 URL domain hostname
TYPEINDICATORDESCRIPTIONCREATED
URL http://24.199.90.58/payload.php 2026-05-21
URL http://24.199.90.58:80/payload.php 2026-05-21
URL https://convitemundial2026.com/Consultar_NF-e.bat 2026-05-21
References (1)
↗ https://www.trendmicro.com/en_us/research/26/e/banana-rat.html