Threat analysis study: Grandoreiro

Posted date: 02/06/2022
Author: INCIBE

Continuing our series of analytical studies on malware distribution campaigns affecting Spain, which began in April 2021, today we publish a new study on the trojan Grandoreiro, which represents a significant threat to the banking sector.

As a trojan, this malware is designed for multiple uses, the most common of which is to create a backdoor on the infected system so that it can download updates and new functionality. The aim of the study is to gather the information needed to identify the characteristics of this family's malicious code, as well as its behaviour.

Throughout the study, detailed information is provided on the infection methods used by this trojan, the language in which it is programmed, and its functionality and mode of action, describing the infection process step by step, as well as the protection methods Grandoreiro itself uses to evade security controls. The analysis also includes security recommendations and several IOCs and YARA rules to assist in detecting samples of the trojan.

The full study can be downloaded below: