Files with TXZ extension used as malspam attachments

May 28, 2024, 11:28 a.m.

Description

A recent report describes a malspam campaign distributing malware payloads in attachments with TXZ file extensions. The attachments were RAR archives with renamed extensions, likely attempting to exploit native TXZ support in Windows 11. Two campaigns distributed the payloads, one with GuLoader malware targeting Spain and Slovakia, the other with Formbook targeting Croatia and Czechia.

External References

https://isc.sans.edu/diary/rss/30958
https://otx.alienvault.com/pulse/6655b8f78c8020a11658112e
Tags
malspam
2024-05-28
formbook
guloader

Date

  • Created: May 28, 2024, 10:59 a.m.
  • Published: May 28, 2024, 10:59 a.m.
  • Modified: May 28, 2024, 11:28 a.m.

Indicators

  • 3f060b4039fdb7286558f55295064ef44435d30ed83e3cd2884831e6b256f542
  • 1ab5f558baf5523e460946ec4c257a696acb785f7cc1da82ca49ffce2149deb6
Download all indicators here!

Attack Patterns

  • GuLoader - S0561
  • FormBook
  • T1598.002
  • T1071.004
  • T1193
  • T1566.002
  • T1598
  • T1566.001
  • T1071
  • T1192
  • T1204
  • T1566

Additional Informations

  • Croatia
  • Slovakia
  • Czechia
  • Spain