Coyote Banking Trojan Targets LATAM with a Focus on Brazilian Financial Institutions

    Date: 07/09/2024

    Severity: Medium

    Summary

    The expansion of global trade and the burgeoning Latin American (LATAM) market have amplified the region's allure to cyber criminals. As highlighted in the World Economic Forum's January 2024 Global Cybersecurity Outlook report, LATAM exhibits a notable prevalence of "insufficiently cyber-resilient organizations," with governments and financial sectors particularly vulnerable to attacks.

    Indicators of Compromise (IOC) List

    URLs / Domains

    IP Address

    N/A

    Hash

    Gurucul Threat Detection and Incident Response (TDIR) Queries for Detection

    URLs / Domains

    userdomainname IN ("carrodenatal.com","servicoasso.com","nograusistema.com","autoglobalcar.com","flogoral.com","angelcallcenter.com","formitamina.com","navegacaodura.com","carrosantigo.com","cloridatosys.com","jogodequadra.com","atendesolucao.com","centralsolucao.com","bermatechcliente.com","marvelnatal.com","dowfinanceiro.com","bilatex.com","gargamellojas.com") or url IN ("carrodenatal.com","servicoasso.com","nograusistema.com","autoglobalcar.com","flogoral.com","angelcallcenter.com","formitamina.com","navegacaodura.com","carrosantigo.com","cloridatosys.com","jogodequadra.com","atendesolucao.com","centralsolucao.com","bermatechcliente.com","marvelnatal.com","dowfinanceiro.com","bilatex.com","gargamellojas.com")

    IP Address

    N/A

    Hash

    sha256hash IN ("10af5c8950b8802851afe96b423d20408b618f80ab54c1a5aef0f1a04c36f331","c0833babb2982e36ac7646f7539f6a235a42bcf5375bc080d3ac9d031dc3b903","112edf53d4c560ab71f1b20856ec4d6096e0ea42b0271526b3415c3563300f06","aedffb9cf780bb52c68586ceb238fcaf90253524f06a4a338edc6437409e51c5","90ffb18c9d05bf6a61d90c57f299b70702c0e65dac90349b06d5e6833d6d2612","c057145da9481a4fff50e69b7e746c19cc95e2d33331539b6b62077169bc4b42","3cc58b46d0babd561508d7b67c609e0e9be9a35db9425f1e8a29512a5229665a","287b39f40ed541585c968b6529c44e9ccdd899bca0b88457907d994c2b5013f4","1ba49976a6e596abb68e2f7ca37407930330a4bf0bd25207057c5a60cb3a4107","341a1945f606bcf4c25bce9b850dbddc5125376156cb7f8d14c6ce6bc4b396c3","3a14ab878697453832306a836e67915d7475481307c65268ceb1f900ff4ec25a","3cbc282c6a51edff4e762267332e1ff2a503f7ba8a7b2a10c9ff404a7bda913b","6da5f450f3124e30e8091fda443cb416d29eab4e166a777263e004758acf2e69","5656501522adfe1b08f58cccc1e187cbb7099ef1193a62edd5dfe0d32da4cd7a","2a54b7f1327398ccd1c538759201e8699dfad7c53e8e095ea782d862ec48cb92","485c8bfae3e5c150012e1d630f5d9ae37b786d4b750a9a0adf2b174b7ab85c65","fb8353e718397dcabd11d9bd8a500ffd54e2a57ac4722a34241757c60ba2bdff","16cc13258a3e63be247c9adf18def0369bb72197bdb3668142bc50a6656047af","ce07ef596772e9cfa6f41000f27244f6f750527639a26c6be0b73033a8e41883","6b7a014d0674fe5f145aa2c5dc7674d42e5306d82c3fe7ab0235dcbfd559725f","798fb8de9bb0434ee0b172793f5b68eb593054538cf5ec96e71a5a0759f6bcc5","1bed3755276abd9b54db13882fcf29c543ebf604be3b7fcf060cbd6d68bcd23f","0dea05062d6527ab03f80de87488d278dd333167cdabdf5ef28da760bf252863","096d7765f278bb0de33fbfa0a15413a2432060d09c99f15c6ca900a6a8a46365","5b3421beb6aaf3fd16831e1456475acac4f8e7c863869fb4d5dc9b1ae0576ef3","fcb8f32502147dbf8ef44ad99a41d9eaf639bb3d22c4de92a3022f501c9d8cb6","2d8b10e35c2c2d9675ec693558629450eeee2c8e38f491d38c42de96bddf317a","ae65738fa81be0b2cfe2f63209db9ed5b928b4b5a1a703ce2a89699a6f192f07","3edcf6a6b6cb254f72f0f2607fa4bb2ecb604475b448c9487e89fc76eb8f896e","4806617bbc8187a89d5ed73cb818853e306d3
699f87bd09940b0ecffdc96091d","8e614368f99f955c75752df597f97de1dd51b4f0dfeeadc76e1badcc7ca57fc2","9c6fc9e0854eaf5a0720caab1646f48c7992f6f4051438004598af89102a49eb","eb615c093e9b52ed409f426764857e6e42aa85e02adef59d6f1457dcbb90bb40","504a5902f20d0a7e3968251849cd88acd31e7fc895fc18d5c82076c5388df5bd","1d59bc782e532780da0364b14a1b474a8cb8a5af50c8124159bf5d943bd050f7","d44f4db6680d178437e9cfba010ac049f80e5eddf43b3977da819119bb6ca06d","a0d2c87f4ed6522fdcd8c8d234dca9c7e8831de5faa9445275405ddd0a9104cc","f6ed73bed9e6b992dbfdee64ff8c9dfde5e3f12c3ec6bbb4e2367fbd2ce75b6f","e0b65087cc83b899d53c153fcfd1420d15e369c3d196325396b50cb75681c27d","9160ca25889427b2c2da4d4b14c4a93a707efc2ce07a49d5b8ab1a7f9be8ab55","d96c3e8dc899948bf92c377bb4872b19b5983b6eb2d59f00019345293601843c","4869fcfda9be32f3cdd48c21bda07aefde496c5f06f235f33ce948169e9744e5","2bd6bbe48d0328e4011ce3053e616664a4eb2bf43bd5762cb03be297f786b068","2b428df6f76d36ceeebfd37df65ab7893cb6f526afeb9e4494829628f0b9cae8","ae6676ad5b8ba386e88ae045eacc05225a657360963844cdf18db6a45318ea89")

    Reference:

    https://blogs.blackberry.com/en/2024/07/coyote-banking-trojan-targets-latam-with-a-focus-on-brazilian-financial-institutions
