2014-10-28 - ASPROX BOTNET SERVING FREE PIZZA

ASSOCIATED FILES:

 

NOTES:

 

EXAMPLE OF THE EMAILS

SCREENSHOT:

 

MESSAGE TEXT:

From: Pizza Hut <support@gameroomdesigns.net>
Reply-To: Pizza Hut <upport@gameroomdesigns.net>
Date: Monday, October 27, 2014 at 19:33 UTC
Subject: Free Pizza

Pizza Hut
MAKE IT GREAT
Free personal Pan Pizza

Today we are celebrating our 55th anniversary and we want you to share this celebration with us - you may get a free pizza in any of our restaurants.

Get Free Pizza Coupon

The offer is valid through November 5th, 2014.
Copyright (c) 2014 | All right reserved | Pizza Hut

 

EXAMPLE OF A LINK TO THE MALWARE:

navbcn.com - GET /title.php?pizza=zbXJaeu6meBKvp93EGAHdy0kKh0xW51b8k+TprK9nRA

 

PRELIMINARY MALWARE ANALYSIS

EMAIL ATTACHMENT:

File name:  PizzaHut_Coupon.zip
File size:  103.0 KB ( 105455 bytes )
MD5 hash:  e8045d8c9851b509a7bd25c9969cded2
Detection ratio:  3 / 53
First submission:  2014-10-28 23:06:16 UTC
VirusTotal link:  https://www.virustotal.com/en/file/dd3ea06d7dc1522e061c83e481b3758bdce6fe970e5d90b3d00e633ff14a4677/analysis/

 

EXTRACTED MALWARE:

File name:  PizzaHut_Coupon.exe
File size:  180.0 KB ( 184320 bytes )
MD5 hash:  191a02952905cc0037753700636c3339
Detection ratio:  4 / 54
First submission:  2014-10-28 23:06:27 UTC
VirusTotal link:  https://www.virustotal.com/en/file/03264df33e8766c86be99bf351531500b9101d8d21addf5a86e331097885544f/analysis/
Malwr.com link:  https://malwr.com/analysis/YjQ1MDlmYmViMmU4NDczYjljNzc2MDhlNzJhYTNmZDU/

 

INFECTION TRAFFIC

FROM MALWR.COM ANALYSIS OF THE MALWARE:

 

FINAL NOTES

Once again, here are the associated files:

ZIP files are password-protected with the standard password.  If you don't know it, look at the "about" page of this website.
