
Grandoreiro Stealer Targeting Spain and Latin America: Malware Analysis and Decryption Insights

NetmanageIT OpenCTI - opencti.netmanageit.com




SUMMARY:

A new campaign utilizing the Brazilian stealer Grandoreiro has been detected targeting Spain and Latin American countries. The malware, active since 2017, aims to steal sensitive information, including banking credentials and personal data. It employs advanced evasion techniques such as string encryption and anti-sandbox measures. The campaign distributes Grandoreiro through phishing emails containing VBS files. Once executed, it performs various checks to evade detection and uses legitimate services for geolocation and DNS resolution. The report provides detailed insights into the malware's behavior and explains the string obfuscation and decryption techniques used in this campaign.

OPENCTI LABELS:

phishing, grandoreiro


Open in the NetmanageIT OpenCTI public instance using the link below.

NOTE: Use the public read-only username and password shown in the banner on the login page.


Grandoreiro Stealer Targeting Spain and Latin America: Malware Analysis and Decryption Insights