This study focuses on the Grandoreiro malware, a trojan linked to different campaigns affecting the banking sector.
This study contains a detailed technical report, carried out after the analysis of a sample found as a result of indicators obtained from different information sources, with the aim of identifying the infection methods used by the threat, its functionalities and actions carried out step by step, as well as the protection techniques used to circumvent security controls.
A number of IOCs, as well as Yara rules, are also available in this analysis to assist in the detection of samples belonging to this banking malware.
The technical report includes:
- Infection methods.
- Programming language, functions and mode of operation.
- Protection methods of the trojan.
- Detection and disinfection methods.