Showing posts from July, 2023

FantasyMW, a brazilian banking trojan

Update: Apparently this is a rebrand from an existing malware family called GoatRat and it was named as FantasyMW. More details at: Sample seen from MalwareHunterTeam's tweet . The sample is written in kotlin and under a Windows host OS. This is possible to guess because the strings hint to Windows paths. At the time of the analysis the domains were not resolving. It seems to be a new or under development banking trojan, as hinted by the path strings: C:/Users/55119/Documents/NewBankingTrojan/production/app/src/main/java/com/fuck/thepolice/MainActivity.kt   This is not the first ITW sample of this developer. The first ITW sample was seen on 2023-06-06 13:25:28 UTC and uses a different path for development:  C:/Users/nuke/Documents/FantasyMalware/BasicVersion/ The path differs from the latest spotted sample. Since this is a brazilian malware, I chose to dub it as Casanossolar f