Threat Intelligence | Malware | August 20, 2025 | 15 min read

Grandoreiro: Threat Intelligence Profile

LATAM banking trojan


Grandoreiro is a Delphi-based banking trojan active since 2016 that targets bank customers in Latin America, Spain and Portugal. Its defining feature is the use of banking overlays: when the victim visits a targeted bank's site, the trojan draws a fake window over the session to capture credentials and one-time codes and to keep the victim busy while the operators act on the account. Operators were arrested in 2024, but the family has not gone away.

Overview & Background

Grandoreiro is a financially motivated (eCrime) banking trojan family operated out of Latin America. It was first identified in 2016 and has since expanded from Brazil to other Latin American countries, Spain and Portugal.

Threat Assessment

Grandoreiro remains an active threat despite the 2024 arrests. Organizations whose users bank in Spain, Portugal or Latin America should implement detection rules for the techniques mapped below and monitor for indicators associated with this banking trojan.

Technical Analysis

Grandoreiro's observed capabilities map to the following MITRE ATT&CK techniques:

MITRE ATT&CK Mapping

Tactic          | Technique                                          | Usage
Initial Access  | T1566.001 Phishing: Spearphishing Attachment       | Phishing email carrying a malicious attachment (or a link to one) is the common delivery vector
Execution       | T1204.002 User Execution: Malicious File           | The victim opens the attachment, which launches the loader
Persistence     | T1547.001 Registry Run Keys / Startup Folder       | Run key entry so the trojan restarts at each logon
Defense Evasion | T1027 Obfuscated Files or Information              | Payload packing and obfuscation to hinder static analysis and signature matching
C2              | T1071.001 Application Layer Protocol: Web Protocols | HTTP/HTTPS command and control

Detection & Defense

Defend Against Grandoreiro

Mjolnir Security provides detection and response capabilities against Grandoreiro and similar threats.

  • Proactive Threat Hunting: Hunt for Grandoreiro indicators and TTPs within your environment.
  • Threat Intelligence: Monitor Grandoreiro campaigns and infrastructure changes.
  • 24/7 Incident Response: Rapid containment and forensic investigation. Call +1 833 403 5875.
Written by: Mjolnir Security  |  Published: August 20, 2025