Groups Behind “Banload” Banking Malware Implement New Techniques

description: As the adoption of online banking within Brazil continues to grow, a corresponding rise in banking malware targeting this developing market is also being observed. The prolific Brazilian cybercrime group behind the banking malware “Banload” have implemented an interesting new driver component, internally called ‘FileDelete’, to remove software drivers and executables belonging to anti-malware and banking protection programs. The goal behind this driver is to enable fraud through credential theft and account-takeover operations on a victim’s machine. In this technical analysis, SentinelOne dissects the novel FileDelete driver to reveal how it works.

publish date:

reference :

IOC Table
total 3
type value
FileHash-MD5 ef4048de1c678045520815c932e73f56
FileHash-MD5 bd73f690fb9479ccfacad8cc3d36f002
FileHash-MD5 f54c335c5024cfa43c4673f3c99209b2