Advertisement · 728 × 90
#
Hashtag
#Guildma
Advertisement · 728 × 90
Brad
Brad
@malware-traffic-analysis.net
1 year ago
Screenshot from the DocuSign-themed Portuguese language (Brazil) email, showing the link to download malware.

Screenshot from the DocuSign-themed Portuguese language (Brazil) email, showing the link to download malware.

Web browser showing download of zip archive from link in the email. Also shows the zip archive content, a Windows shortcut.

Web browser showing download of zip archive from link in the email. Also shows the zip archive content, a Windows shortcut.

Details of the Windows shortcut extracted from the downloaded zip archive. The target is a command string using cmd.exe to run obfuscated code that results in a URL for further malware.

Details of the Windows shortcut extracted from the downloaded zip archive. The target is a command string using cmd.exe to run obfuscated code that results in a URL for further malware.

2025-03-05 (Wednesday): #Astaroth ( #Guildma ) distributed through Brazil #malspam - As usual, I didn't get a full infection chain, but I got the initial zip archive from link in the email. Details at github.com/malware-traf...

8 4 0 0
キタきつね
キタきつね
@kitafox.bsky.social
1 year ago
Preview
Astaroth Phishing Kit Bypasses 2FA Using Reverse Proxy Techniques Astaroth is an advanced phishing kit using real-time credential and session cookie capture to compromise Gmail, Yahoo and Office 365 accounts

Astaroth フィッシング キットはリバース プロキシ技術を使用して 2FA を回避します

Astaroth Phishing Kit Bypasses 2FA Using Reverse Proxy Techniques #InfosecurityMagazine (feb 13)

#Astaroth #Guildma #フィッシング #二要素認証回避 #サイバーセキュリティ

0 0 0 0
Brad
Brad
@malware-traffic-analysis.net
1 year ago
Post image Post image

2024-12-16 (Mon): More Brazil-targeted #malspam pushing #Guildma / #Astaroth. Email link 214.235.109[.]208.host.secureserver.net/cliente/Assinar_PDF_3476

Zip bazaar.abuse.ch/sample/59a88...

Shortcut generated this URL for follow-up malware: hxxps[:]//stralinluntar06.medicoassocidos[.]homes/?1//?8/

4 1 1 0
Brad
Brad
@malware-traffic-analysis.net
1 year ago
Screesnhot of email impersonating Brazilian Federal Revenue service with link to download malware.

Screesnhot of email impersonating Brazilian Federal Revenue service with link to download malware.

Downloading the malicious zip archive, and the downloaded zip archive contains a Windows shortcut to retrieve more malware.

Downloading the malicious zip archive, and the downloaded zip archive contains a Windows shortcut to retrieve more malware.

Unfortunately, the URL for follow-up malware didn't like the location I came from through a VPN, so it returned a URL for Google instead of additional malware for the Guildma (Astaroth) infection chain.

Unfortunately, the URL for follow-up malware didn't like the location I came from through a VPN, so it returned a URL for Google instead of additional malware for the Guildma (Astaroth) infection chain.

2024-12-12 (Thursday): #Guildma ( #Astaroth ) infection chain from Brazil-targeted #malspam. Link returned zip containing Windows shortcut. Shortcut generated this URL for follow-up malware: hxxps[:]//trumol.mesacirurgica[.]sbs/?8/

Downloaded zip archive available at bazaar.abuse.ch/sample/8f01b...

2 1 3 0