2022-03-21 (MONDAY) - INFECTION FROM BRAZIL MALSPAM

NOTICE:

• The zip archives on this page have been updated, and they now use the new password scheme.  For the new password, see the "about" page of this website.

ASSOCIATED FILES:

• 2022-03-21-Brazil-sourced-malspam-infection-IOCs.txt.zip   1.3 kB   (1,299 bytes)
• 2022-03-21-Brazil-malspam-example.eml.zip   2.6 kB   (2,589 bytes)
• 2022-03-21-Brazil-sourced-malspam-infection.pcap.zip   14.3 MB   (14,298,316 bytes)
• 2022-03-21-malware-from-Brazil-sourced-malspam-infection.zip   40.2 MB   (40,165,939 bytes)

 

IMAGES

Shown above:  Screenshot from the email.

 

Shown above:  Link from the email returned an MSI file.

 

Shown above:  Traffic from the infection filtered in Wireshark.

 

Shown above:  Malware/artifacts found after the initial infection.

 

Click here to return to the main page.