The S2 Group’s intelligence team has identified through adversary tracking a new phishing campaign by Snake Keylogger, a Russian origin stealer programmed in .NET, targeting various types of victims, such as companies, governments or individuals. The campaign has been identified as using spearphishing emails offering oil products. These emails will contain a zipped attachment that […]
stealer
Grandoreiro Stealer Targeting Spain and Latin America: Malware Analysis and Decryption Insights
A new campaign targeting Spain and Latin American countries, utilizing the Brazilian stealer Grandoreiro, was detected during March 2025. This report provides detailed insights into the malware’s behavior, along with an explanation of the string obfuscation and decryption techniques employed in this campaign. Grandoreiro Grandoreiro is a Brazilian-origin stealer malware that has been active since […]
Complete dissection of an APK with a suspicious C2 Server
During our analysis of the Penquin-related infrastructure we reported in our previous post, we paid special attention to the malicious binaries contacting these IP addresses, since as we showed in the analysis, they had been used as C2 of other threats used by Turla. One threat that makes contact with the 82.146.35[.]240 address in particular […]