2021-09-21 (TUESDAY) - BRAZIL - CURRÍCULO (RESUME) THEMED MALSPAM
NOTICE:
- The zip archives on this page have been updated, and they now use the new password scheme. For the new password, see the "about" page of this website.
ASSOCIATED FILES:
- 2021-09-21-Curriculo-IOCs.txt.zip   1.4 kB   (1,391 bytes)
- 2021-09-21-Curriculo.eml.zip   1.8 kB   (1,756 bytes)
- 2021-09-21-Curriculo.pcap.zip   11.1 MB   (11,170,798 bytes)
- 2021-09-21-Curriculo-malware.zip   11.6 MB   (11,579,301 bytes)
IMAGES
Shown above: Screenshot of the email.
Shown above: Downloading zip archive after clicking link in email.
Shown above: MSI file from downloaded zip archive.
Shown above: MSI file pulls zip archive from 35.183.116[.]253 to install malware here.
Shown above: Traffic from an infection filtered in Wireshark.
Shown above: HTTP stream for traffic to Amazon AWS server (part 1 of 3).
Shown above: HTTP stream for traffic to Amazon AWS server (part 2 of 3).
Shown above: HTTP stream for traffic to Amazon AWS server (part 3 of 3).
Shown above: Malicious zip archive from 35.183.116[.]253.
Shown above: Possible C2 traffic from infected Windows host.