2017-01-31 - HANCITOR/PONY MALSPAM - SUBJECT: YOU RECEIVED A NEW EFAX

ASSOCIATED FILES:

  • 2017-01-31-hancitor-pony-malspam-traffic.pcap   (8,709,428 bytes)
  • 2017-01-31-eFax-malspam-1604-UTC.eml   (3,975 bytes)
  • eFax_ronaldo14.doc   (199,680 bytes)

NOTES:


Shown above:  Flowchart for this infection traffic.

 

EMAIL


Shown above:  Screenshot of the email.

 

EMAIL HEADERS:

 


Shown above:  Word document downloaded from link in the email.

 

TRAFFIC


Shown above:  Traffic from the infection filtered in Wireshark.

 

ASSOCIATED DOMAINS:

 

FILE HASHES

WORD DOCUMENT:

 

FINAL NOTES

Once again, here are the associated files:

ZIP files are password-protected with the standard password.  If you don't know it, look at the "about" page of this website.
