Bank_Security

Phishing Campaigns are Manipulating the Win Control Panel

Feb 6th, 2019
Phishing Campaigns are Manipulating the Windows Control Panel Extension to Deliver Banking Trojans

Indicators of Compromise

Observed URLs:
hxxps://gentsilen[.]com[.]mx/cl/factura[.]php?folio=1&Importancia=Urgente&descarga=true&impuestos=servidor_alerce&site=www[.]sii[.]cl
185-35-139-197[.]v4[.]as62454[.]net
185-35-139-190[.]v4[.]as62454[.]net

Observed IPs:
185[.]35[.]137[.]85
185[.]35[.]137[.]80
185[.]35[.]139[.]190

Observed Files:
File Name: Sii_Documento_TVLN11.zip
File size: 718,191 Bytes

File Name: Sii_Documento_TVLN11.zip
File size: 717,935 Bytes

File Name: Sii_Documento_K3YLT2WJNU.cpl
File size: 761,902

File Name: mTjdyis.exe
File size: 400.872 Bytes

File Name: shfolder.dll
File size: 42.466.735 Bytes