Exploring the Metamorfo Banking Trojan
Essential information
- Published
- 17/05/2024 15:38
- Modified
- 17/05/2024 16:03
- Tags
- 2024-05-17 appdata autoit casbaneiro deobfuscating html metamorfo powershell script script file
- Related entities
- 39 observables, 1 intrusion sets (apt), 9 techniques (mitre), 2 malware
Description
This report delves into a malware campaign known as Metamorfo, a banking Trojan that spreads through malspam campaigns. It entices users to click on HTML attachments, initiating a series of activities focused on gathering system metadata. The infection chain involves obfuscation techniques, URL evasion tactics, and the downloading of malicious payloads. The malware establishes connections with remote servers, collects sensitive data, disables security measures, performs registry modifications, and persists on the compromised system. The campaign primarily targets North and South American geolocations, aiming to steal victims' financial information and banking credentials.