2016-06-09 - SMUTTY MALSPAM

ASSOCIATED FILES:

  • 2016-06-08-2036-UTC.eml   (6,113 bytes)
  • 2016-06-09-0244-UTC.eml   (5,718 bytes)
  • Traffic-after-2016-06-08-2036-UTC-email.pcap   (3,581,062 bytes)
  • Traffic-after-2016-06-09-0244-UTC-email.pcap   (711,437 bytes)
  • Video(wav).zip   (28,777 bytes)
  • _Video_   (610,304 bytes)
  • _Video_.jar   (137,391 bytes)
  • vmnat.exe   (6,095,668 bytes)
  • vmnat.zip   (3,837,872 bytes)


NOTES:


IMAGES


Shown above:  First example of this malicious spam (malspam).



Shown above:  Second example of this malspam.



Shown above:  Translation of the message text using Google Translate.



Shown above:  Traffic after the first email.  (Note: The initial HTTPS traffic for the Google Drive link isn't included in that first pcap.)



Shown above:  Traffic after the second email.



Shown above:  Malware from the first time I tried the Google Drive link from those two emails.



Shown above:  Malware from the second time I tried the Google Drive link from those two emails.
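The two .eml files listed above carry the Google Drive link that delivered the payload, and pulling that link out of the message is the first triage step before touching the download. The following Python script is an added example, not code from this page or from the two messages it describes: it parses a constructed sample message (the headers, boundary, and URLs in it are made up and do not come from the real emails), extracts every URL from the text/plain and text/html parts, and flags the ones on hosts an analyst would treat as file-sharing delivery. The FILE_SHARING_HOSTS list is an assumption for illustration, not something the page states.

```python
import email
import html
import re
from email import policy
from urllib.parse import urlparse

# Constructed sample message for the example. It is NOT one of the two
# .eml files from this page; the addresses, boundary and drive id are fake.
SAMPLE_EML = b"""From: sender@example.invalid
To: victim@example.invalid
Subject: Video
Date: Wed, 08 Jun 2016 20:36:00 +0000
Content-Type: multipart/alternative; boundary="b1"

--b1
Content-Type: text/plain; charset="utf-8"

Hi, see the video here: https://drive.google.com/uc?export=download&id=EXAMPLEID
--b1
Content-Type: text/html; charset="utf-8"

<html><body><a href="https://drive.google.com/uc?export=download&amp;id=EXAMPLEID">video</a>
<a href="http://example.invalid/page">other</a></body></html>
--b1--
"""

# Assumed list of hosts to flag as file-sharing delivery (illustration only).
FILE_SHARING_HOSTS = {"drive.google.com", "docs.google.com"}

# Stop at whitespace, angle brackets and quotes so HTML attributes and
# plain-text lines both yield a clean URL.
URL_RE = re.compile(r"""https?://[^\s<>"']+""")


def extract_urls(raw):
    """Return the unique URLs found in the text parts of a raw RFC 5322 message."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    seen = []
    for part in msg.walk():
        if part.get_content_type() not in ("text/plain", "text/html"):
            continue
        # get_content() decodes charset and transfer encoding for us;
        # unescape so that &amp; inside href attributes becomes a plain &.
        text = html.unescape(part.get_content())
        for url in URL_RE.findall(text):
            if url not in seen:
                seen.append(url)
    return seen


def file_sharing_urls(urls):
    """Filter URLs whose host is on the (assumed) file-sharing list."""
    return [u for u in urls if urlparse(u).hostname in FILE_SHARING_HOSTS]


def triage(raw):
    """Summarise the fields an analyst records before following any link."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    urls = extract_urls(raw)
    return {
        "subject": msg["Subject"],
        "date": msg["Date"],
        "urls": urls,
        "file_sharing_urls": file_sharing_urls(urls),
    }


if __name__ == "__main__":
    summary = triage(SAMPLE_EML)
    print("Subject:", summary["subject"])
    print("Date:   ", summary["date"])
    for url in summary["urls"]:
        flag = "FILE-SHARING" if url in summary["file_sharing_urls"] else "other"
        print(f"  [{flag}] {url}")
```

Run it against a real .eml by replacing SAMPLE_EML with the file's bytes; the script only parses the message and never fetches the links, which keeps the download step (where this page's samples differed between two attempts) under the analyst's control.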


FINAL NOTES

The associated files are listed at the top of this page.

ZIP files are password-protected with the standard password.  If you don't know it, look at the "about" page of this website.
