Security Affairs

MARCH 3, 2020

Hash 757dfeacabf4c2f771147159d26117818354af14050e6ba42cc00f4a3d58e51f Threat Kimsuky loader Brief Description Scr file, initial loader Ssdeep 12288:APWcT1z2aKqkP/mANd2JiEWKZ52zfeCkIAYfLeXcj6uuLl:uhT1z4q030JigZUaULeXc3uLl. Figure 2: Written file (AutoUpdate.dll) in the “%AppData%LocalTemp” path. Table 2: AutoUpdate.dll Information.

IT 127

IT File names Libraries Communications 127

Security Affairs

MARCH 2, 2019

File name: patent-2019-02-20T093A283A05-1.xls Next image presents when the file is opened. However, as already mentioned at the beginning of the technical analysis, SI-LAB team obtained two types of files, namely xls and doc archives. File name : 68131_46_20190219.doc Technical Analysis.

File names 85

File names Phishing Libraries IT 85

Security Affairs

SEPTEMBER 4, 2019

Unlike most ransomware, JSWorm does not embed a list of file extensions to encrypt, but uses a set of extensions to exclude during the cipher step. The malware encrypts all the files whose extension is not present in the list. Figure 4: Content of “key” file contained in “C:ProgramData”.

Ransomware 81

Ransomware Encryption File names Libraries 81

Security Affairs

DECEMBER 29, 2019

The downloaded file is a compressed file (.zip) As observed, after extracting the file, three files are presented. The file “ FacturaNovembro-4492154-2019-10_8.vbs This is a Visual Basic Script (VBScript) file that is acting as a dropper and downloader. At the moment, the file 0.zip amazonaws[.]com/0.zip

Passwords 96

Passwords e-Discovery IT Cleanup 96

Security Affairs

FEBRUARY 16, 2021

The following schema is an effort to present in a single high-level diagram the workflow of the most popular Latin American trojans. Next, an email template used by Javali to lure victims is presented. MSI file – The Javali Dropper. dll: Windows legitimate DLL for runtime dependencies – MICROSOFT® C RUNTIME LIBRARY.

Libraries 119

Libraries Communications Phishing Encryption 119

eSecurity Planet

FEBRUARY 3, 2021

Presenting itself as a JPG file named “gracious_truth.jpg,” Teardrop is a memory-only dropper built to enter a network seamlessly and replace the embedded payload. ” The Orion update was signed and presented as the latest update, and malware taking root went undetected.

Cybersecurity 62

Cybersecurity Access Authentication Cloud 62

Security Affairs

JULY 7, 2020

Figure 4: VBS file – Lampion downloader – obfuscation layer. The next graph presents the various forms already documented the threat. As noted, malware is usually distributed with a simple email template, where the victim downloads a ZIP file with a VBS downloader inside. LNK files from the Windows startup folder.

Communications 96

Communications Cloud Phishing Encryption 96