Judicial Notification Phish Targets Colombian Users – .SVG Attachment Deploys Info-stealer Malware
ID: 0b0ef262-47e4-5242-88a5-eeb1bb9d78b3
STIX ID: report--0b0ef262-47e4-5242-88a5-eeb1bb9d78b3
Feed Name: Seqrite Blog
Executive summary: This report analyzes a targeted Spanish-language phishing campaign impersonating a Colombian judicial office. A malicious SVG attachment stages an HTA/VBS/PowerShell chain, which downloads and decodes a .NET loader that fetches an injector and AsyncRAT. The campaign employs anti-VM and AMSI-evasion techniques, in-memory process injection (MSBuild.exe), persistence (Run key / scheduled task / startup shortcut), and capabilities for data collection and encrypted C2 exfiltration. The analysis includes file MD5s, detection names, and mapped MITRE ATT&CK TTPs.
