2016-09-21 - BOLETO MALSPAM

ASSOCIATED FILES:

  • 2016-09-21-boleto-malspam-infection-traffic.pcap   (1,874,946 bytes)
  • 1ru5a5ow.axo.vbs   (7,775 bytes)
  • 2016-09-21-boleto-malspam-artifacts-information.csv   (1,977 bytes)
  • 2016-09-21-boleto-malspam-email.eml   (1,838 bytes)
  • 5vieed1p.pad.vbs   (338 bytes)
  • DRACULA-PC.aes   (16 bytes)
  • DRACULA-PC.zip   (1,079,293 bytes)
  • Ionic.Zip.Reduced.dll   (253,440 bytes)
  • VCTO20097H3TOPyneOpr01jtiKs1iRdVptbVON3n7.vbs   (1,084 bytes)
  • aaaaaaaaaaaa.xml   (3,374 bytes)
  • dll.dll.exe   (396,480 bytes)
  • tmp42DA.tmp   (11,548 bytes)
  • tmp6124.tmp   (0 bytes)
  • tmp6124.tmpps1   (3,447 bytes)
  • tmpC9B4.tmp   (11,548 bytes)


EMAILS


Shown above: Screenshot of the email.


TRAFFIC


Shown above: Traffic from the pcap filtered in Wireshark.


ASSOCIATED DOMAINS:


FINAL NOTES

ZIP files are password-protected with the standard password. If you don't know it, look at the "about" page of this website.