2021-09-21 (TUESDAY) - BRAZIL - CURRÍCULO (RESUME) THEMED MALSPAM

ASSOCIATED FILES:

 

NOTES:

 

IMAGES


Shown above:  Screenshot of the email.

 


Shown above:  Downloading zip archive after clicking link in email.

 


Shown above:  MSI file from downloaded zip archive.

 


Shown above:  MSI file pulls zip archive from 35.183.116[.]253 to install malware here.

 


Shown above:  Traffic from an infection filtered in Wireshark.

 


Shown above:  HTTP stream for traffic to Amazon AWS server (part 1 of 3).

 


Shown above:  HTTP stream for traffic to Amazon AWS server (part 2 of 3).

 


Shown above:  HTTP stream for traffic to Amazon AWS server (part 3 of 3).

 


Shown above:  Malicious zip archive from 35.183.116[.]253.

 


Shown above:  Possible C2 traffic from infected Windows host.

 
