2017-01-03 - MALSPAM - SUBJECT: URGENTE - ENTREGA BÃO EFETUADA. (71678)

ASSOCIATED FILES:

  • 2017-01-03-malspam-traffic.pcap   (14,469,070 bytes)
  • 2017-01-03-malspam-1012-UTC.eml   (4,041 bytes)
  • SR5418963745BR.vbs   (2,064 bytes)
  • avenger.exe   (731,136 bytes)
  • bonghooly.dll   (7,218,176 bytes)
  • win.exe   (5,265,920 bytes)
  • winsystem.exe   (15,225,856 bytes)

 

THE EMAIL


Shown above:  Screenshot of the email.

 

EMAIL DATA:

 

DOWNLOADED FILE FROM EMAIL LINK


Shown above:  Clicking the email link will download a .zip archive.

 


Shown above:  The zip archive contains a .vbs file.

 

ATTACHMENT AND EXTRACTED .VBS FILE:

 

TRAFFIC


Shown above:  Traffic from the infection filtered in Wireshark.

 

ASSOCIATED URLS:

 

FILES EXTRACTED FROM THE INFECTED HOST


Shown above:  Artifacts from the infected host.

 

Read: SHA256 hash - file name (file size)

 

FINAL NOTES

Once again, here are the associated files:

ZIP files are password-protected with the standard password.  If you don't know it, look at the "about" page of this website.
