SYMBOLCOMMON_NAMEaka. SYNONYMS
win.astaroth (Back to overview)

Astaroth

aka: Guildma

First spotted in the wild in 2017, Astaroth is a highly prevalent, information-stealing Latin American banking trojan. It is written in Delphi and has some innovative execution and attack techniques. Originally, this malware variant targeted Brazilian users, but Astaroth now targets users both in North America and Europe.

References
2024-10-14Trend MicroAdremel Redondo, Adriel Isidro, Andre Filipe Codod, Charles Adrian Marty, Christian Alpuerto, Kim Benedict Victorio, Lorenzo Laureano, Mark Jason Co
Water Makara Uses Obfuscated JavaScript in Spear Phishing Campaign, Targets Brazil With Astaroth Malware
Astaroth Water Makara
2022-08-19SANS ISCBrad Duncan
Brazil malspam pushes Astaroth (Guildma) malware
Astaroth
2022-01-17Github (pan-unit42)Brad Duncan
IOCs for Astaroth/Guildma malware infection
Astaroth
2021-11-17ARMORAmer Elsad
Astaroth: Banking Trojan
Astaroth
2021-03-21BlackberryBlackberry Research
2021 Threat Report
Bashlite FritzFrog IPStorm Mirai Tsunami elf.wellmess AppleJeus Dacls EvilQuest Manuscrypt Astaroth BazarBackdoor Cerber Cobalt Strike Emotet FinFisher RAT Kwampirs MimiKatz NjRAT Ryuk SmokeLoader TrickBot
2020-12-21Cisco TalosJON MUNSHAW
2020: The year in malware
WolfRAT Prometei Poet RAT Agent Tesla Astaroth Ave Maria CRAT Emotet Gozi IndigoDrop JhoneRAT Nanocore RAT NjRAT Oblique RAT SmokeLoader StrongPity WastedLocker Zloader
2020-07-14Kaspersky LabsGReAT
The Tetrade: Brazilian banking malware goes global
Astaroth Grandoreiro Melcoz
2020-07-03F-Secure LabsAnartz Martin
Attack Detection Fundamentals: Code Execution and Persistence - Lab #1
Astaroth
2020-05-31InfoSec Handlers Diary BlogRenato Marinho
Guildma is now using Finger and Signed Binary Proxy Execution to evade defenses
Astaroth
2020-05-11Cisco TalosEdmund Brumaghin, Nick Biasini, Nick Lister
Astaroth - Maze of obfuscation and evasion reveals dark stealer
Astaroth
2020-03-23MicrosoftMicrosoft Defender ATP Research Team
Latest Astaroth living-off-the-land attacks are even more invisible but not less observable
Astaroth
2020-03-05ESET ResearchESET Research
Guildma: The Devil drives electric
Astaroth
2019-12-06BotconfJakub Souček, Juraj Horňák
Demystifying banking trojans from Latin America
Astaroth Metamorfo
2019-07-08MicrosoftMicrosoft Defender ATP Research Team
Dismantling a fileless campaign: Microsoft Defender ATP’s Antivirus exposes Astaroth attack
Astaroth
2019-04-25AppGateEdgar Felipe Duarte Porras
Meet Lucifer: A New International Trojan
Astaroth
2019-02-13CybereasonEli Salem
Astaroth Malware Uses Legitimate OS and Antivirus Processes to Steal Passwords and Personal Data
Astaroth

There is no Yara-Signature yet.