Note: files from 0.png to 9.png are available and they have the same content. \REGISTRY\USER\S-1-5-21-xxxxxxxx\Software\Microsoft\Windows\CurrentVersion\Internet Settings\AutoConfigURL = First, it changes the Internet settings by modifying the following registry key for the current user: This file had a VT score of 0/55 when I scanned it for the first time ( 12:09 UTC). ![]() The picture is a link to a RAR file "visualizar_imprimir.rar" (MD5: c2781a11e7de53cc0ddb2161628454cb) which contains a malicious PE file "visualizar_imprimir.exe" (MD5: c5e9014a82a889dcf2c5fd66ba5f1dca). ![]() Redacted in Portuguese, it could be approximately translated with the help of Google to: " Please find attached the pay slip of Augustus 2016 which expires on Monday. This message was sent to a Brazilian citizen. ![]() It started with an email sample like this: Yesterday, I discovered a nice example of targeted attack against a Brazilian bank.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |