2021-08-31 (TUESDAY) - ASTAROTH/GUILDMA INFECTION FROM BRAZIL MALSPAM
ASSOCIATED FILES:
- 2021-08-31-Astaroth-Guildma-IOCs.txt.zip 3.4 kB (3,366 bytes)
- 2021-08-31-Astaroth-Guildma-malspam-1637-UTC.eml.zip 32.1 kB (32,107 bytes)
- 2021-08-31-Astaroth-Guildma-infection-traffic.pcap.zip 4.5 MB (4,493,345 bytes)
- 2021-08-31-Astaroth-Guildma-malware-and-artifacts.zip 4.2 MB (4,238,882 bytes)
NOTES:
- All zip archives on this site are password-protected. If you don't know the password, see the "about" page of this website.
- Previous posts on this site for Astaroth/Guildma:
Shown above: Screenshot from the email.
Shown above: Downloading a zip archive from link in the email.
Shown above: The zip archive contains a Windows shortcut designed to infect a vulnerable Windows host.
Shown above: Traffic from the infection filtered in Wireshark.
Shown above: Windows shortcut in the startup menu to keep the infection persistent.
Shown above: Artifact from the infection: a text file containing the path of the persistent malware.
Shown above: An .hta file used for the infection.
Shown above: More malware and artifacts from the infection.