2025-03-06 (Thursday): More #Astaroth (#Guildma) #malspam today.

URLs for the initial zip download:

hxxps[:]//51.190.202[.]64.host.secureserver[.]net/contrato/Relatorio_PDF_144247

hxxps[:]//222.20.205[.]92.host.secureserver[.]net/contrato/Autenticar_PDF_956644

2025-03-05 (Wednesday): #Astaroth (#Guildma) distributed through Brazil #malspam

As usual, I didn't get a full infection chain, but I did get the initial zip archive from that link in the email.

Details at https://github.com/malware-traffic/indicators/blob/main/2025-03-05-Astaroth-Guildma-activity-from-Brazil-malspam.txt

ISC diary: @malware_traffic finds more #malspam pushing #Astaroth (#Guildma) in January 2023 https://i5c.us/d29404

Ghimob Android Banking Trojan Targets 153 Mobile Apps - A banking trojan is targeting mobile app users in Brazil - and researchers warn that its operator ... https://threatpost.com/ghimob-android-banking-trojan/161075/ #mobilesecurity #bankingtrojan #cybercriminal #bankingfraud #mobileapp #android #guildma #tetrade #brazil #ghimob #google

A banking trojan is targeting mobile app users in Brazil – and researchers warn that its operator has big plans to expand abroad.