2016-12-01 - MALSPAM - SUBJECT: DHL ITALY - NOTIFICIA SPEDIZIONE

ASSOCIATED FILES:

 

NOTES:

 

 

THE EMAIL


Shown above:  Screenshot of the email.

 

EMAIL HEADER INFO:

LINK FROM THE MESSAGE TEXT:

 

THE MALICIOUS ZIP ARCHIVE

ZIP ARCHIVE:

EXTRACTED .JS FILE:

 

TRAFFIC


Shown above:  Infection traffic filtered in Wireshark.

 

ASSOCIATED DOMAINS:

 

POST-INFECTION FILE HASHES

DOWNLOADED .EXE FILE:

 

FINAL NOTES

Once again, here are the associated archives:

ZIP files are password-protected with the standard password.  If you don't know it, look at the "about" page of this website.
