Sample File:
MD5 hash: cc759f37d3d2b50d31a3fab352a32a53
SHA1 hash: 86a14b63dd6fd7eae38d841f64d9799fa4a53542
SHA256 hash: b365a249a15ceeaee2e054f7112bf83683e6ada258f90da71762c992797b0b07
SSDEEP hash: 24:8NjFpQQCi7pnLj1Em0W5RwqGZ1M41mKjRg5cI4i4o0Czab/xtl:8tF/pLj15V5RK/5sc9oJabxt
Filename(s): resultado-623472740.PDF.lnk
Filetype: Windows Batch File (Shell Link)

Mutex IOCs:
- None -

Registry Key IOCs:
HKEY_CLASSES_ROOT\.dll
HKEY_CLASSES_ROOT\dllfile
HKEY_CLASSES_ROOT\dllfile\AutoRegister
HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
HKEY_CURRENT_USER\Software\Borland\Locales
HKEY_CURRENT_USER\Software\CodeGear\Locales
HKEY_CURRENT_USER\Software\Embarcadero\Locales
HKEY_CURRENT_USER\Software\Microsoft\Command Processor
HKEY_CURRENT_USER\Software\Microsoft\Command Processor\AutoRun
HKEY_CURRENT_USER\Software\Microsoft\Command Processor\CompletionChar
HKEY_CURRENT_USER\Software\Microsoft\Command Processor\DefaultColor
HKEY_CURRENT_USER\Software\Microsoft\Command Processor\DelayedExpansion
HKEY_CURRENT_USER\Software\Microsoft\Command Processor\DisableUNCCheck
HKEY_CURRENT_USER\Software\Microsoft\Command Processor\EnableExtensions
HKEY_CURRENT_USER\Software\Microsoft\Command Processor\PathCompletionChar
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Wbem\CIMOM
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Wbem\CIMOM\Log File Max Size
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Wbem\CIMOM\Logging
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Wbem\CIMOM\Logging Directory
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\MS Shell Dlg 2
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Script\Features
HKEY_LOCAL_MACHINE\Software\Borland\Locales
HKEY_LOCAL_MACHINE\Software\CodeGear\Locales
HKEY_LOCAL_MACHINE\Software\Embarcadero\Locales
HKEY_LOCAL_MACHINE\Software\Microsoft\COM3
HKEY_LOCAL_MACHINE\Software\Microsoft\COM3\COM+Enabled
HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor
HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor\AutoRun
HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor\CompletionChar
HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor\DefaultColor
HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor\DelayedExpansion
HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor\DisableUNCCheck
HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor\EnableExtensions
HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor\PathCompletionChar

Domain IOCs:
xbr6lge984320911.notafiscal05.com

IP IOCs:
35.196.254.156

URL IOCs:
http://xbr6lge984320911.notafiscal05.com:25067/04/marxvxinhhma.jpg.zip?18841737
http://xbr6lge984320911.notafiscal05.com:25067/04/marxvxinhhmb.jpg.zip?607484307
http://xbr6lge984320911.notafiscal05.com:25067/04/marxvxinhhmc.jpg.zip?105185218
http://xbr6lge984320911.notafiscal05.com:25067/04/marxvxinhhmdwwn.gif.zip?918109560
http://xbr6lge984320911.notafiscal05.com:25067/04/marxvxinhhmdx.gif.zip?258277672
http://xbr6lge984320911.notafiscal05.com:25067/04/marxvxinhhme.jpg.zip?231938807
http://xbr6lge984320911.notafiscal05.com:25067/04/marxvxinhhmf.jpg.zip?161905089
http://xbr6lge984320911.notafiscal05.com:25067/04/marxvxinhhmg.gif.zip?491458574
http://xbr6lge984320911.notafiscal05.com:25067/04/marxvxinhhmgx.gif.zip?482400544
http://xbr6lge984320911.notafiscal05.com:25067/04/marxvxinhhmxa.gif.zip?747193115
http://xbr6lge984320911.notafiscal05.com:25067/04/marxvxinhhmxb.gif.zip?93543106
http://xbr6lge984320911.notafiscal05.com:25067/04/r1.log
http://xbr6lge984320911.notafiscal05.com:25067/04/marxvxinhhm98.dll.zip?714489159
http://xbr6lge984320911.notafiscal05.com:25067/04/marxvxinhhmhh.dll.zip?31092521
http://xbr6lge984320911.notafiscal05.com:25067/04/marxvxinhhmhh.dll.zip?86737238

File IOCs:
Filenames:
C:\ProgramData\tempa\marxvxinhhmg.gif
C:\ProgramData\tempa\marxvxinhhmgx.gif
C:\Windows\system32 NUL
c:\programdata\tempa\marxvxinhhmxa.gif
c:\programdata\tempa\marxvxinhhmxb.gif

MD5 hashes:
6775eed60fd6b5dfa5d9dba8f976e49b
9096e58936be2c6f06254cc8556bf566
9f23bc32d7a7301be6180bd71cb94bb8
c843e90ba4929afc31b56abd44cbbf0c

SHA1 hashes:
4b9a92061c0db704ecdc3a08f8ef368329afabaa
7e02caf99d9a7b163371f56d933fbea533dcdad1
95429037d3461bbda19c8ea8cf44f8afc40fd938
b7d360811f09185a13fe6f23650a6bb20fd96fb3

SHA256 hashes:
5ac790ca79eaf5c42171b496d9157b4fe8b60b6ea509c5b5a44a58f9579d1979
b25e74cd4e7ad8a72c893e6a65d012a1a623405fe6d5f2f49b6b3bb28792d9da
dbae1639ffbb0568174809db2929847accd8588b8db2f1c5404b6b5d51d3c59d
f89f02d38dc1ab0a8459e7a9d7d9776fd0f80a774988681bb369937d1bb06baa

SSDEEP hashes:
24576:G+U+3yhhnsfavKGgvMyKyrexEBhz54Bj2Tiht:GXCyhxsoKZvMySxEBhzA1ht
3072:bPVTmNoQchJmJC2OWpEtetKH4z+YKgutcOoVWCMQbuxkABH9IpnlbFI:DJ3QchJm1OWpEjYzbKguahV1DAWl
3072:oIPoJQ3TMogfqJGyc0S5xxQUWKb6T2TYfAALZ0jAo+m0L7yrXjPSlVZyugTSAvEu:jPQ6TdYsG0KO7PpL7sjqLZyuNvFU
6144:M+oYY1UA5qNrHPRsW8QgQ52+zeej+zWYIav6x70LkeQtlrsTgOitJHVKJ:GYYvqBH18Gdbj+1cxILSZPLtJ1KJ