Javali

Javali has used embedded VBScript to download malicious payloads from C2.(Citation: Securelist Brazilian Banking Malware July 2020)

Javali can capture login credentials from open browsers including Firefox, Chrome, Internet Explorer, and Edge.(Citation: Securelist Brazilian Banking Malware July 2020)

Javali can use DLL side-loading to load malicious DLLs into legitimate executables.(Citation: Securelist Brazilian Banking Malware July 2020)

Javali can use large obfuscated libraries to hinder detection and analysis.(Citation: Securelist Brazilian Banking Malware July 2020)

Javali has been delivered as malicious e-mail attachments.(Citation: Securelist Brazilian Banking Malware July 2020)

Javali has used the MSI installer to download and execute malicious payloads.(Citation: Securelist Brazilian Banking Malware July 2020)

Javali has achieved execution through victims clicking links to malicious websites.(Citation: Securelist Brazilian Banking Malware July 2020)

Javali can read C2 information from Google Documents and YouTube.(Citation: Securelist Brazilian Banking Malware July 2020)