AutoIT Remains Popular in the Malware Landscape, (Fri, Jan 6th)

Yesterday Brad wrote an interesting diary[1] about a piece of malware based on AutoIT. Funny, I was also analyzing a sample that has been written in the same language. I don’t know exactly the source (it was spotted via a hunting rule) but it seems to target the same people (based on the file name). Mine was delivered in a RAR archive called “doc-Impostos_514281.rar” (SHA256:84a35910ad7acb1455695be7aced111356fac9abc818f9ae0859677b07ac0d04). The VT score is very low: 1/61[2].

Article Link: https://isc.sans.edu/diary/rss/29408