Malware-Traffic-Analysis.net - 2014-10-28 - Asprox botnet emails serve free pizza

2014-10-28 - ASPROX BOTNET EMAILS SERVE FREE PIZZA

NOTICE:

The zip archives on this page have been updated, and they now use the new password scheme. For the new password, see the "about" page of this website.

ASSOCIATED FILES:

NOTES:

As early as Monday 2014-10-27, the Asprox botnet started sending fake Pizza Hut emails with the subject line: Free Pizza
Another subject line is: 55th Anniversary and Free Pizza
For another example, see: https://wordtothewise.com/2014/10/spam-malware-phish/

EXAMPLE OF THE EMAILS

SCREENSHOT:

MESSAGE TEXT:

From: Pizza Hut <support@gameroomdesigns[.]net>
Reply-To: Pizza Hut <upport@gameroomdesigns[.]net>
Date: Monday, October 27, 2014 at 19:33 UTC
Subject: Free Pizza

Pizza Hut
MAKE IT GREAT
Free personal Pan Pizza

Today we are celebrating our 55th anniversary and we want you to share this celebration with us - you may get a free pizza in any of our restaurants.

Get Free Pizza Coupon

The offer is valid through November 5th, 2014.
Copyright (c) 2014 | All right reserved | Pizza Hut

EXAMPLE OF A LINK TO THE MALWARE:

navbcn[.]com - GET /title.php?pizza=zbXJaeu6meBKvp93EGAHdy0kKh0xW51b8k+TprK9nRA

PRELIMINARY MALWARE ANALYSIS

EMAIL ATTACHMENT:

File name: PizzaHut_Coupon.zip
File size: 105,455 bytes
MD5 hash: e8045d8c9851b509a7bd25c9969cded2
Detection ratio: 3 / 53
First submission: 2014-10-28 23:06:16 UTC
VirusTotal link: https://www.virustotal.com/en/file/dd3ea06d7dc1522e061c83e481b3758bdce6fe970e5d90b3d00e633ff14a4677/analysis/

EXTRACTED MALWARE:

File name: PizzaHut_Coupon.exe
File size: 184,320 bytes
MD5 hash: 191a02952905cc0037753700636c3339
Detection ratio: 4 / 54
First submission: 2014-10-28 23:06:27 UTC
VirusTotal link: https://www.virustotal.com/en/file/03264df33e8766c86be99bf351531500b9101d8d21addf5a86e331097885544f/analysis/

INFECTION TRAFFIC

FROM SANDBOX ANALYSIS OF THE MALWARE:

2014-10-28 23:08:33 UTC - 85.12.29[.]172:8080 - POST /index.php

Click here to return to the main page.