Astaroth (Malware Family)

SYMBOL	COMMON_NAME	aka. SYNONYMS

win.astaroth (Back to overview)

Astaroth

aka: Guildma

First spotted in the wild in 2017, Astaroth is a highly prevalent, information-stealing Latin American banking trojan. It is written in Delphi and has some innovative execution and attack techniques. Originally, this malware variant targeted Brazilian users, but Astaroth now targets users both in North America and Europe.

References

2024-10-14 ⋅ Trend Micro ⋅ Adremel Redondo, Adriel Isidro, Andre Filipe Codod, Charles Adrian Marty, Christian Alpuerto, Kim Benedict Victorio, Lorenzo Laureano, Mark Jason Co
Water Makara Uses Obfuscated JavaScript in Spear Phishing Campaign, Targets Brazil With Astaroth Malware
Astaroth Water Makara

2022-08-19 ⋅ SANS ISC ⋅ Brad Duncan
Brazil malspam pushes Astaroth (Guildma) malware
Astaroth

2022-01-17 ⋅ Github (pan-unit42) ⋅ Brad Duncan
IOCs for Astaroth/Guildma malware infection
Astaroth

2021-11-17 ⋅ ARMOR ⋅ Amer Elsad
Astaroth: Banking Trojan
Astaroth

2021-03-21 ⋅ Blackberry ⋅ Blackberry Research
2021 Threat Report
Bashlite FritzFrog IPStorm Mirai Tsunami elf.wellmess AppleJeus Dacls EvilQuest Manuscrypt Astaroth BazarBackdoor Cerber Cobalt Strike Emotet FinFisher RAT Kwampirs MimiKatz NjRAT Ryuk SmokeLoader TrickBot

2020-12-21 ⋅ Cisco Talos ⋅ JON MUNSHAW
2020: The year in malware
WolfRAT Prometei Poet RAT Agent Tesla Astaroth Ave Maria CRAT Emotet Gozi IndigoDrop JhoneRAT Nanocore RAT NjRAT Oblique RAT SmokeLoader StrongPity WastedLocker Zloader

2020-07-14 ⋅ Kaspersky Labs ⋅ GReAT
The Tetrade: Brazilian banking malware goes global
Astaroth Grandoreiro Melcoz

2020-07-03 ⋅ F-Secure Labs ⋅ Anartz Martin
Attack Detection Fundamentals: Code Execution and Persistence - Lab #1
Astaroth

2020-05-31 ⋅ InfoSec Handlers Diary Blog ⋅ Renato Marinho
Guildma is now using Finger and Signed Binary Proxy Execution to evade defenses
Astaroth

2020-05-11 ⋅ Cisco Talos ⋅ Edmund Brumaghin, Nick Biasini, Nick Lister
Astaroth - Maze of obfuscation and evasion reveals dark stealer
Astaroth

2020-03-23 ⋅ Microsoft ⋅ Microsoft Defender ATP Research Team
Latest Astaroth living-off-the-land attacks are even more invisible but not less observable
Astaroth

2020-03-05 ⋅ ESET Research ⋅ ESET Research
Guildma: The Devil drives electric
Astaroth

2019-12-06 ⋅ Botconf ⋅ Jakub Souček, Juraj Horňák
Demystifying banking trojans from Latin America
Astaroth Metamorfo

2019-07-08 ⋅ Microsoft ⋅ Microsoft Defender ATP Research Team
Dismantling a fileless campaign: Microsoft Defender ATP’s Antivirus exposes Astaroth attack
Astaroth

2019-04-25 ⋅ AppGate ⋅ Edgar Felipe Duarte Porras
Meet Lucifer: A New International Trojan
Astaroth

2019-02-13 ⋅ Cybereason ⋅ Eli Salem
Astaroth Malware Uses Legitimate OS and Antivirus Processes to Steal Passwords and Personal Data
Astaroth

There is no Yara-Signature yet.

Astaroth Propose Change

References

Astaroth