Thursday, June 11, 2015

Fake Summons: Prezado(a) Cliente: Notificao de Intimacoes (10962)
Today I bring you a threat that targets several Brazilian banks. It arrives as a fake summons from the AASP :: Associação dos Advogados de São Paulo.

Threat:
http://urlquery.net/report.php?id=1433860235433



VT analysis, with a near-zero detection rate: 2/57.





It carries an obfuscation layer, a crypter written in Visual Basic, which is easily removed by setting a breakpoint on IsDebuggerPresent and on WriteProcessMemory and then dumping the unpacked image.

The dropper downloads another threat from a different site; the URL is encoded.



The downloaded file (.jpg) is actually a password-protected .ZIP.
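A content-based check for this kind of disguised download, as an added example that is not part of the original post: it reads the ZIP local file header of a response body served under an image extension and reports whether the first entry is encrypted. The entry name `reader.exe`, the file names and the sample bytes are constructed for the demonstration.

```python
import struct

ZIP_LOCAL_MAGIC = b"PK\x03\x04"
IMAGE_EXTS = (".jpg", ".jpeg", ".png", ".gif")
EXEC_EXTS = (".exe", ".scr", ".dll", ".cpl")
HDR = "<HHHHHIIIHH"  # version, flags, method, time, date, crc, csize, usize, name_len, extra_len


def inspect_download(url_name: str, body: bytes) -> dict:
    """Classify a response body by its content instead of its URL extension."""
    info = {"is_zip": False, "encrypted": False, "first_entry": None, "mismatch": False}
    if len(body) < 30 or body[:4] != ZIP_LOCAL_MAGIC:
        return info
    fields = struct.unpack(HDR, body[4:30])
    flags, name_len = fields[1], fields[8]
    info["is_zip"] = True
    info["encrypted"] = bool(flags & 0x0001)  # general-purpose bit 0: entry is encrypted
    # With traditional ZIP encryption the entry name in the local header stays readable.
    info["first_entry"] = body[30:30 + name_len].decode("cp437", "replace")
    info["mismatch"] = url_name.lower().endswith(IMAGE_EXTS)
    return info


def verdict(info: dict) -> str:
    """Return ok / review / block, for use as a proxy or sandbox pre-filter."""
    if not (info["is_zip"] and info["mismatch"]):
        return "ok"
    is_exec = (info["first_entry"] or "").lower().endswith(EXEC_EXTS)
    return "block" if info["encrypted"] and is_exec else "review"


def build_sample(entry: str, encrypted: bool) -> bytes:
    """Constructed input: one ZIP local file header with no data after it."""
    name = entry.encode("cp437")
    header = struct.pack(HDR, 20, 1 if encrypted else 0, 0, 0, 0, 0, 0, 0, len(name), 0)
    return ZIP_LOCAL_MAGIC + header + name


if __name__ == "__main__":
    for label, body in [
        ("disguised.jpg", build_sample("reader.exe", True)),
        ("disguised.jpg", build_sample("notes.txt", False)),
        ("real.jpg", b"\xff\xd8\xff\xe0" + b"\x00" * 40),
    ]:
        print(label, verdict(inspect_download(label, body)))
```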





Traffic




The ZIP password is obfuscated in the binary.

\temp.zip
Scripting.FileSystemObject
102030

We analyze the payload (reader.exe) in VT, with a detection rate of 3/57.





It is obfuscated with the same crypter as the dropper.



It is a binary written in Delphi that monitors the URLs visited in the browser. When one matches any of the URLs it has encoded, it displays a fake form to capture the victim's banking data and virtual tokens.


Encoded strings in the binary.






They decode to:

bat
:1
Erase 
If exist 
 Goto 1
Open
TempExe.exe
TempExe.zip
CSIDL_APPDATA
Temp.zip
True
Software\Microsoft\Windows\CurrentVersion\Run

PASSW#TB#
Código informado é inválido 
PASSW#ASSI#
Assinatura eletrônica informada é inválida 
Número de série informado é inválido 
PASSW#TK#
PASSW#NS#
Token informado é inválido
PASSW#TK#
Token informado é inválido 
PASSW#TKSMS#
Token informado é inválido 
PASSW#ASSI#
Assinatura eletrônica informada é inválida 
PASSW#TK#
Token informado é inválido 
PASSW#DTN#
Informaçao de Data é inválida
PASSW#SN6#
Senha informada é inválida
PASSW#TB#
Código informado é inválido
PASSW#TK#
iToken informado é inválida 
Informações de Segurança
SunAwtDialog
Internet Explorer
#32770
Button
Advertência de Segurança
DirectUIHWND
CtrlNotifySink
Permitir
PASSW#SN6#
Senha informada é inválida
PASSW#TK#
iToken informado é inválida 
PASSW#DTN#
Informaçao de Data é inválida
PASSW#SN6#
Senha informada é inválida
PASSW#TB#
Código informado é inválido
PASSW#TK#
iToken informado é inválida 
PASSW#DTN#
Informaçao de Data é inválida
PASSW#SN6#
Senha informada é inválida
PASSW#TK#
iToken informado é inválida 
Senha incorreta, insira novamente.
PASSW#SN6#
PASSW#SJAVA#
PASSW#SN8#
PASSW#ASSI#
PASSW#ASSI#
PASSW#SNCARD#
Senha informada é inválida
PASSW#TK#
Token informado é inválido 
PASSW#SNCRT#
Senha certificado informada é inválida
PASSW#TB#
Chave informada é inválida 
GBPLUGIN
SCPAD
GBPLUGIN
SCPAD
GBPLUGIN
SCPAD
Internet Explorer
-#-
-#-IE
Google Chrome
-#-CR
Firefox
-#-FF
moparaiso.saves-the-whales.com
l1
Software\Microsoft\Internet Explorer\LowRegistry\Blackberry\l1
p1
Software\Microsoft\Internet Explorer\LowRegistry\Blackberry\p1
p2
Software\Microsoft\Internet Explorer\LowRegistry\Blackberry\p2
chave
PONG#
$
PING
CONWATCH
CR
IE
MSG#Visualização Ativada#
EXECUTAPRO
ATUALIZAPRO
NOVOLINK
NOVASPORTAS
LINKPORTAS
LINKDEF
l1
Software\Microsoft\Internet Explorer\LowRegistry\Blackberry\l1
PORTASDEF
p1
Software\Microsoft\Internet Explorer\LowRegistry\Blackberry\p1
p2
Software\Microsoft\Internet Explorer\LowRegistry\Blackberry\p2
LINKPORTASDEF
STOPWATCH
PRTSCR
MSG#Opcões de Prt(
%)#
AeroEnabled
AeroDesable
TECLADO
PK
SK
SI
MSG#KeyPress Mouse 
MSG#KeyPress 
SENDTEXT2
MSG#Handle Mouse#
MSG#Handle Navegador #
COLARTXT
MSG#Handle Navegador#
POSTKEY
MSG#POSTKEY Handle Mouse#
MSG#POSTKEY Handle Navegador#
SENDKEY
MSG#SENDKEY Handle Navegador#
SENDIMPUT
MSG#Texto Colado SENDIMPUT#
CERTIFICADO
SunAwtFrame
MSG#Certificado#
LIMPARCRT
VERKEY
PASSW#SJAVA#
HideCursor
ShowCursor
Mousedrop
drop
Mousedrag
drag
Mousemove
move
MOUSE
MOVE
MSG#MOVE Prt(
CLICK
MSG#CLICK Prt(
CLICKORIGI
EXIT
KILLNAV
HIDEFAKE
MSG#Fake Oculto#
MSG#Fake Inativo#
SHOWFAKE
MSG#Fake Mostrado#
SENDMSG
Microsoft Internet Explorer
Google Chrome
FREENAV
TRAVAR24
BB
BRAD
CEF
ITA
SANTA
SICREDI
Block
Software\Blackberry\
KILLKL
TELAFAKE
ITFISICA
ITAFISICA
TELAGB
MSG#Fake ItaFisica Ativo#
MSG#Fake ItaFisica ja esta Ativo#
GETTK
MSG#Pedindo Token#
GETSN6
MSG#Pedindo Senha6#
GETTB
MSG#Pedindo Posicao Tabela#
GETDTN
dd
dia
(dd)
mm
mes
(mm)
aaaa
ano
(aaaa)
MSG#Pedindo opcao de data 
MSGFIM
MSG#Msg Final mostrada#
ITEMPRESA
MSG#Fake Ita Empresa Ativo#
MSG#Fake Ita Empresa ja esta Ativo#
ITPERSONAL
MSG#Fake ItaPersonal Ativo#
MSG#Fake ItaPersonal ja esta Ativo#
ITUNICLASS
MSG#Fake ItaUniclass Ativo#
MSG#Fake ItaUniclass ja esta Ativo#
BBF
MSG#Fake BBF Ativo#
MSG#Fake BBF ja esta Ativo#
GF
MSG#Fake GF Ativo#
MSG#Fake GF ja esta Ativo#
GETSJAVA
MSG#Pedindo Certificado#
GETSN8
MSG#Pedindo SENHA8#
MSG#Fake CEF Ativo#
MSG#Fake CEF ja esta Ativo#
GETASS
MSG#Pedindo Assinatura fisica#
GETASSJU
MSG#Pedindo Assinatura Juridica#
MSG#Fake Bradesco Ativo#
MSG#Fake Bradesco ja esta Ativo#
MSG#Pedindo Tokem#
MSG#Pedindo Chave#
GETSNCRT
MSG#Fake SANTA Ativo#
MSG#Fake SANTA ja esta Ativo#
GETSN
MSG#Pedindo Número de Serie#
GETTKT
MSG#Pedindo Assinatura#
XP
W7
W8
MSG#Tela Fake inativa#
MSG#Pau no WatchImage#
BITM!
MSG#Pau no csImagemRead#
-#-
identificacao.jsf
bradesco.com
banco bradesco
iniciasessao.asp
iniciasessaolegado.asp
Block
Software\Blackberry\BRAD
BRAD
CR
IE
FF
bb.com.br
bancobrasil
bb.com
aapf/login.jsp
aapj/loginmpe
aapj/logincor
aapj/loginpfe
aapj.bb.com
verificando solução de segurança
Software\Blackberry\BB
BB
internet banking
santander.com.br
santandernet.com.br
www.santandernetibe.com.br
santanderempresarial.com.br
Banco Santander Brasil
banco santander brasil
Software\Blackberry\SANTA
SANTA
sicreditotal
sicredi
Sicredi
Software\Blackberry\SICRED
SICREDI
caixa.gov.br/SIIBC/index.processa
caixa econômica federal
internetbankingcaixa
siwinCtrl
caixa.gov.br
internetbankingpf
Software\Blackberry\CEF
CEF
banco itaú
itau.com.br
itauuniclass
banklineplus
30 horas
itaupersonnalite
Software\Blackberry\ITA
ITA
SunAwtFrame
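A hunting check built from the registry paths in the decoded strings above, as an added example that is not part of the original post. The post does not say which hive the paths live in or whether the last component is a key or a value, so the code strips any hive prefix and matches by path prefix; the sample paths, including the SID, are constructed.

```python
import re

# Paths taken from the decoded strings in this post (lower-cased for matching).
CONFIG_KEY = r"software\microsoft\internet explorer\lowregistry\blackberry"
MARKER_KEY = r"software\blackberry"
BANK_CODES = {"BB", "BRAD", "CEF", "ITA", "SANTA", "SICRED"}

# Hive prefix as written by reg.exe (HKEY_CURRENT_USER\) or Sysmon (HKU\<SID>\).
_HIVE = re.compile(r"^(?:HKEY_[A-Z_]+|HK[A-Z]{1,2})\\(?:S-1-[0-9-]+\\)?", re.I)


def classify(path: str):
    """Return (category, detail) for a registry path, or None if unrelated."""
    rel = _HIVE.sub("", path.strip()).rstrip("\\")
    low = rel.lower()
    if low == CONFIG_KEY or low.startswith(CONFIG_KEY + "\\"):
        # l1 / p1 / p2 are listed next to LINKDEF and PORTASDEF in the decoded strings.
        return ("config", rel[len(CONFIG_KEY):].lstrip("\\") or None)
    if low == MARKER_KEY or low.startswith(MARKER_KEY + "\\"):
        # A bare Software\Blackberry hit may be unrelated; the bank code carries the signal.
        code = rel[len(MARKER_KEY):].lstrip("\\").split("\\")[0].upper()
        return ("bank-marker", code if code in BANK_CODES else None)
    return None


def hunt(paths):
    """Summarise hits over an iterable of registry paths."""
    report = {"config": set(), "bank-marker": set()}
    for p in paths:
        hit = classify(p)
        if hit:
            report[hit[0]].add(hit[1])
    return report


# Constructed sample input: four matching paths and two benign look-alikes.
SAMPLE = [
    r"HKU\S-1-5-21-1111-2222-3333-1001\Software\Microsoft\Internet Explorer\LowRegistry\Blackberry\l1",
    r"HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Blackberry\p1",
    r"HKCU\SOFTWARE\Blackberry\BRAD\Block",
    r"HKCU\Software\Blackberry\SICRED",
    r"HKCU\Software\Microsoft\Internet Explorer\LowRegistry\Audio",
    r"HKCU\Software\BlackberryDesktop\Settings",
]

if __name__ == "__main__":
    print(hunt(SAMPLE))
```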

We already covered the obfuscation method in earlier posts.


Fake forms displayed by this threat.


















Samples: https://www.dropbox.com/s/un61utogo6d2px9/Banload-9-06-15.zip?dl=0
password = infected


That is all for now.

@Dkavalanche 2015
