2014-07-09 - ASPROX BOTNET FAKE FUNERAL ANNOUNCEMENT PHISHING EMAILS

ASSOCIATED FILES:

 

TODAY'S EMAILS

SCREENSHOTS:



 

SUBJECT LINE:

Funeral of your friend

 

MESSAGE:

Funeral Announcement

Hereby we want to share your sorrow for your dear friend who passed away on Sunday, July 6, 2014.
You are cordially invited to express your sympathy in memory of your friend at a celebration of life service
that will be held on Tuesday, July 8, 2014 at the Ocker Funeral Home.

Please find more detailed information about the memorial service here.

Sincerely,
Funeral Home Secretary,
[different names used]

 

LINKS FROM THE EMAILS TO THE MALWARE:

NOTE: The link above for www.javinapolitano.es did not work for me.

 

PRELIMINARY MALWARE ANALYSIS

DOWNLOADED ZIP:

File name:  FuneralInvitation_San_Antonio.zip
File size:  78.5 KB ( 80391 bytes )
MD5 hash:  5eb4150af5a153241b2aee1bd78e8033
Detection ratio:  3 / 54
First submission:  2014-07-09 18:17:19 UTC
VirusTotal link:  https://www.virustotal.com/en/file/7ca5f69099a9f002255cbfe12b378818b7daae087d85e38098d1069919e6daa8/analysis/

 

EXTRACTED FILE:

File name:  FuneralInvitation_San_Antonio.exe
File size:  118.0 KB ( 120832 bytes )
MD5 hash:  f389a95e7cb672c37501143e9d418def
Detection ratio:  4 / 54
First submission:  2014-07-09 18:17:33 UTC
VirusTotal link:  https://www.virustotal.com/en/file/3405743613d8393f430bde91070b690c04a03dcbe64cee79c56ad001f2a6a468/analysis/
Malwr link:  https://malwr.com/analysis/NzFkYWM4MjFmYzJjNGYyYjg4NTQ0M2VmZjY4NDBhZjg/

 

CALLBACK TRAFFIC FROM SANDBOX ANALYSIS OF MALWARE

Malwr.com sandbox analysis - 2014-07-09-Asprox-malware-sandbox-analysis-01.pcap

Other sandbox analysis on the same malware earlier in the day - 2014-07-09-Asprox-malware-sandbox-analysis-02.pcap

 

FINAL NOTES

Once again, here are the associated files:

ZIP files are password-protected with the standard password.  If you don't know it, look at the "about" page of this website.
