2021-08-31 (TUESDAY) - ASTAROTH/GUILDMA INFECTION FROM BRAZIL MALSPAM

ASSOCIATED FILES:

NOTES:

Shown above:  Screenshot from the email.

Shown above:  Downloading a zip archive from link in the email.

Shown above:  Contents of the zip archive are a Windows shortcut designed to infect a vulnerable Windows host.

Shown above:  Traffic from the infection filtered in Wireshark.

Shown above:  Windows shortcut in the startup menu to keep the infection persistent.

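A triage check for the persistence mechanism in the caption above, added here as an example and not part of the original write-up: it lists every shortcut in the per-user and all-users Startup folders and resolves each one's target, arguments and working directory through the WScript.Shell COM object, so an analyst can spot a .lnk whose target sits outside the usual program directories. The page does not give the target path of this sample's shortcut, so nothing below is specific to it; the folder names and the output fields are the only assumptions made.

```powershell
# Added example: enumerate Startup-folder shortcuts and resolve their targets.
# Uses only built-in .NET folder lookups and the WScript.Shell COM object.
$shell = New-Object -ComObject WScript.Shell

# Per-user Startup and the all-users (common) Startup folder.
$startupDirs = @(
    [Environment]::GetFolderPath('Startup'),
    [Environment]::GetFolderPath('CommonStartup')
)

$results = foreach ($dir in $startupDirs) {
    if (-not (Test-Path -LiteralPath $dir)) { continue }
    Get-ChildItem -LiteralPath $dir -Filter '*.lnk' -File -ErrorAction SilentlyContinue |
        ForEach-Object {
            # CreateShortcut on an existing .lnk returns its parsed properties.
            $lnk = $shell.CreateShortcut($_.FullName)
            [pscustomobject]@{
                Shortcut   = $_.FullName
                Target     = $lnk.TargetPath
                Arguments  = $lnk.Arguments
                WorkingDir = $lnk.WorkingDirectory
                Created    = $_.CreationTime
                Modified   = $_.LastWriteTime
            }
        }
}

# Flag targets that live outside Program Files / Windows, which is where a
# user-writable drop location (AppData, Public, Temp) tends to show up.
$trusted = @(
    [Environment]::GetFolderPath('ProgramFiles'),
    [Environment]::GetFolderPath('ProgramFilesX86'),
    [Environment]::GetFolderPath('Windows')
) | Where-Object { $_ }

$results | ForEach-Object {
    $suspicious = $true
    foreach ($root in $trusted) {
        if ($_.Target -and $_.Target.StartsWith($root, [StringComparison]::OrdinalIgnoreCase)) {
            $suspicious = $false
        }
    }
    $_ | Add-Member -NotePropertyName Review -NotePropertyValue $suspicious -PassThru
} | Format-Table Shortcut, Target, Arguments, Review -AutoSize
```

The "Review" column is a coarse heuristic, not a verdict: a legitimate updater can live in AppData and a malicious shortcut can point at a signed system binary with hostile arguments, so the Arguments and WorkingDir fields deserve the same attention as the target path.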
Shown above:  Artifact from the infection--a text file with path for the persistent malware.

Shown above:  An .hta file used for the infection.

Shown above:  More malware and artifacts from the infection.