Files with TXZ extension used as malspam attachments
May 28, 2024, 11:28 a.m.
Tags
External References
Description
A recent report describes a malspam campaign distributing malware payloads in attachments with TXZ file extensions. The attachments were RAR archives with renamed extensions, likely attempting to exploit native TXZ support in Windows 11. Two campaigns distributed the payloads, one with GuLoader malware targeting Spain and Slovakia, the other with Formbook targeting Croatia and Czechia.
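A mail-gateway style check for the mismatch described above, as an added example that is not part of the original report: it compares an attachment's claimed extension with its leading magic bytes and flags a TXZ-named file whose content is not xz. The function names and the sample attachments are constructed for illustration.

```python
import lzma

# Leading signatures of the two formats involved in this campaign.
MAGIC = {
    "rar": (b"Rar!\x1a\x07\x00",        # RAR 1.5 - 4.x
            b"Rar!\x1a\x07\x01\x00"),   # RAR 5
    "xz": (b"\xfd7zXZ\x00",),           # xz stream header
}
# Extensions that claim an xz-compressed tarball.
XZ_EXTENSIONS = (".txz", ".tar.xz")


def sniff_format(data: bytes) -> str:
    """Return the container format implied by the first bytes of the file."""
    for fmt, signatures in MAGIC.items():
        if data.startswith(signatures):
            return fmt
    return "unknown"


def check_attachment(filename: str, data: bytes):
    """Return a finding dict when a TXZ-named attachment is not xz, else None."""
    if not filename.lower().endswith(XZ_EXTENSIONS):
        return None  # only the extension abused in this report is checked
    actual = sniff_format(data)
    if actual == "xz":
        return None
    return {"filename": filename, "claimed": "xz", "actual": actual}


if __name__ == "__main__":
    # Constructed samples: a RAR 5 header renamed to .txz, and a genuine xz stream.
    samples = {
        "Order_2024.txz": b"Rar!\x1a\x07\x01\x00" + b"\x00" * 32,
        "backup.txz": lzma.compress(b"constructed tar payload"),
    }
    for name, blob in samples.items():
        finding = check_attachment(name, blob)
        print(name, "->", finding or "extension matches content")
```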
Date
Published: May 28, 2024, 10:59 a.m.
Created: May 28, 2024, 10:59 a.m.
Modified: May 28, 2024, 11:28 a.m.
Indicators
3f060b4039fdb7286558f55295064ef44435d30ed83e3cd2884831e6b256f542
1ab5f558baf5523e460946ec4c257a696acb785f7cc1da82ca49ffce2149deb6
Attack Patterns
GuLoader - S0561
FormBook
T1598.002
T1071.004
T1193
T1566.002
T1598
T1566.001
T1071
T1192
T1204
T1566
Additional Information
Croatia
Slovakia
Czechia
Spain