2016-05-19 - LOCKY MALSPAM - FAKE HP SCANJET MESSAGES

ASSOCIATED FILES:

 

NOTES:

 

EMAILS AND ATTACHMENTS


Shown above:  Data from the .csv spreadsheet on 4 emails from today's Locky malspam.

 


Shown above:  Data from the .csv spreadsheet on 4 attachments from today's Locky malspam.

 


Shown above:  Example from one of the emails.

 

TRAFFIC


Shown above:  Traffic from enabling macros on the .docm files, filtered in Wireshark.

 

HTTP REQUESTS FROM THE WORD MACROS:

POST-INFECTION CALLBACK FROM THE LOCKY SAMPLE:

 

IMAGES


Shown above:  Desktop of a Windows host after enabling macros on one of the .docm files from the malspam.

 

ZIP ARCHIVE CONTENTS

 

FINAL NOTES

Once again, here is the associated file:

The ZIP file is password-protected with the standard password.  If you don't know it, look at the "about" page of this website.
