2017-01-12 - HANCITOR/PONY/VAWTRAK MALSPAM - SUBJECT: RE: RE: YOUR IPHONE ORDER

ASSOCIATED FILES:

  • 2017-01-12-Hancitor-Pony-Vawtrak-malspam-traffic.pcap   (1,398,569 bytes)
  • 2017-01-12-Hancitor-example.doc   (190,464 bytes)
  • 2017-01-12-Pony-example-pm1.dll   (71,680 bytes)
  • 2017-01-12-Vawtrak-example.exe   (489,984 bytes)
  • 2017-01-12-malspam-1652-UTC.eml   (1,049 bytes)

NOTES:


Shown above:  Flowchart for this infection traffic.

 

EMAIL


Shown above:  Screenshot of the email.

 

EMAIL HEADERS:

 


Shown above:  Word document downloaded from link in the email.

 

TRAFFIC


Shown above:  Word document downloaded from link in the email.

 

ASSOCIATED DOMAINS:

 

FILE HASHES

WORD DOCUMENT:

PONY DLL:

VAWTRAK MALWARE:

 

FINAL NOTES

Once again, here are the associated files:

ZIP files are password-protected with the standard password.  If you don't know it, look at the "about" page of this website.
