2017-01-25 - HANCITOR/PONY MALSPAM - SUBJECT: YOU RECEIVED A NEW EFAX

ASSOCIATED FILES:

 

NOTES:

 

MALSPAM


Shown above:  Screenshot of the email.

 

TRAFFIC

ASSOCIATED ACTIVITY:


Shown above:  Pcap of the infection traffic filtered in Wireshark.

 

MALWARE

MALWARE RETRIEVED FROM THE INFECTED HOST:

 

FINAL NOTES

Once again, here are the associated files:

ZIP files are password-protected with the standard password.  If you don't know it, look at the "about" page of this website.
