Client Maxmius Banking Trojan targeting Brazilian Users

#30935 by c0d3inj3cT
Mon Oct 23, 2017 9:40 am

Client Maximus Banking Trojan is an interesting modular Banking Trojan that involves several layers to perform malicious activities.

Attack flow is: RAR -> LNK -> Powershell -> .NET modules downloaded and executed.

It includes a Geo IP check as well for Brazil.

RAR file MD5 hash: d1ae4ff4f632d4f5e310ca17b084b55e

http://www.pwncode.club/2017/10/client- ... tacks.html
https://securityintelligence.com/brazil ... he-mayhem/

Username

c0d3inj3cT

Posts

Joined

Thu Jan 02, 2014 6:29 am

Location

c0d3inj3ct@Twitter

Contact

Re: Client Maxmius Banking Trojan targeting Brazilian Users

#30938 by maddog4012
Mon Oct 23, 2017 12:37 pm

binary attached

Attachments

Anexo-297349266.zip

pw virus
(1.1 KiB) Downloaded 32 times

Username

maddog4012

Posts

Joined

Mon Aug 04, 2014 6:53 pm

Re: Client Maxmius Banking Trojan targeting Brazilian Users

#30939 by Ludvig
Mon Oct 23, 2017 3:02 pm

can you share anothe files which malware was downloading

Code: Select all

/?fn
/?exe
/?cfg
/?bin
/?dll32
/?dll64
/?t
/?dllb
/?dllf

Attachments

loader.7z

(4.35 KiB) Downloaded 30 times

Username

Ludvig

Posts

Joined

Fri Jan 29, 2016 9:30 am

Page 1 of 1
3 posts