Description
[Astaroth](https://attack.mitre.org/software/S0373) is a Trojan and information stealer known to affect companies in Europe, Brazil, and throughout Latin America. It has been known publicly since at least late 2017. (Citation: Cybereason Astaroth Feb 2019)(Citation: Cofense Astaroth Sept 2018)(Citation: Securelist Brazilian Banking Malware July 2020)
External References
Techniques Used by This Malware
- T1016 — System Network Configuration Discovery
- T1027.002 — Software Packing
- T1027.010 — Command Obfuscation
- T1027.013 — Encrypted/Encoded File
- T1041 — Exfiltration Over C2 Channel
- T1047 — Windows Management Instrumentation
- T1055.012 — Process Hollowing
- T1056.001 — Keylogging
- T1057 — Process Discovery
- T1059.003 — Windows Command Shell
- T1059.005 — Visual Basic
- T1059.007 — JavaScript
- T1074.001 — Local Data Staging
- T1082 — System Information Discovery
- T1102.001 — Dead Drop Resolver
- T1105 — Ingress Tool Transfer
- T1115 — Clipboard Data
- T1124 — System Time Discovery
- T1129 — Shared Modules
- T1132.001 — Standard Encoding
- T1140 — Deobfuscate/Decode Files or Information
- T1204.002 — Malicious File
- T1218.001 — Compiled HTML File
- T1218.010 — Regsvr32
- T1220 — XSL Script Processing
- T1497.001 — System Checks
- T1518.001 — Security Software Discovery
- T1547.001 — Registry Run Keys / Startup Folder
- T1547.009 — Shortcut Modification
- T1552 — Unsecured Credentials
- T1555 — Credentials from Password Stores
- T1564.003 — Hidden Window
- T1564.004 — NTFS File Attributes
- T1566.001 — Spearphishing Attachment
- T1568.002 — Domain Generation Algorithms
- T1574.001 — DLL