 |
غلق |
 |
خيارات وادوات |
|
|
غلق |
|
خيارات وادوات |
|
مواضيع أخرى للكاتب-ة
بحث :مواضيع ذات صلة: |
(Spider-Man.zip) is a malicious archive typically used in phishing campaigns targeting Brazilian users to deliver banking trojans or info-stealers . These attacks exploit the popularity of the "Spider-Man" franchise to trick users into downloading and executing malicious payloads hidden within the compressed file. Malware Analysis Write-up Enable "Show file extensions" in Windows to spot disguised files (e.g., SpiderMan.mp4.exe ). Outbound connections to suspicious .top , .xyz , or .icu domains hosted on inexpensive VPS providers. Mitigation Recommendations The threat usually arrives via phishing emails or social media lures. These messages often promise "exclusive content," leaked movie footage, or cracked games related to Spider-Man. The email includes a direct download link or an attachment named Homem Aranha.zip . The script downloads the final stage malware, frequently identified as a variant of Grandoreiro or Mekotio —two prominent Brazilian banking trojans. 3. Key Malware Characteristics It often checks for virtual environments or sandbox signatures (like VMware or VirtualBox) and terminates execution if it detects a researcher's environment. 4. Indicators of Compromise (IoCs) Filename: Homem Aranha.zip , Spider-Man_Full_Movie.zip It monitors browser activity for banking URLs. When a match is found, it can overlay fake login screens to capture credentials or intercept Two-Factor Authentication (2FA) codes. |
|
(Spider-Man.zip) is a malicious archive typically used in phishing campaigns targeting Brazilian users to deliver banking trojans or info-stealers . These attacks exploit the popularity of the "Spider-Man" franchise to trick users into downloading and executing malicious payloads hidden within the compressed file. Malware Analysis Write-up
Enable "Show file extensions" in Windows to spot disguised files (e.g., SpiderMan.mp4.exe ). Homem Aranha.zip
Outbound connections to suspicious .top , .xyz , or .icu domains hosted on inexpensive VPS providers. Mitigation Recommendations (Spider-Man
The threat usually arrives via phishing emails or social media lures. These messages often promise "exclusive content," leaked movie footage, or cracked games related to Spider-Man. The email includes a direct download link or an attachment named Homem Aranha.zip . Outbound connections to suspicious
The script downloads the final stage malware, frequently identified as a variant of Grandoreiro or Mekotio —two prominent Brazilian banking trojans. 3. Key Malware Characteristics
It often checks for virtual environments or sandbox signatures (like VMware or VirtualBox) and terminates execution if it detects a researcher's environment. 4. Indicators of Compromise (IoCs) Filename: Homem Aranha.zip , Spider-Man_Full_Movie.zip
It monitors browser activity for banking URLs. When a match is found, it can overlay fake login screens to capture credentials or intercept Two-Factor Authentication (2FA) codes.