2017-02-21 - ZEUS PANDA BANKER MALSPAM

ASSOCIATED FILES:

  • 2017-02-21-ZeusPandaBanker-malspam-traffic.pcap   (914,342 bytes)
  • 2017-02-21-ZeusPandaBanker-malspam-1241-UTC.eml   (27,574 bytes)
  • 2017-02-21-ZeusPandaBanker-malspam-1254-UTC.eml   (27,593 bytes)
  • 2017-02-21-ZeusPandaBanker-malspam-1259-UTC.eml   (27,228 bytes)
  • daticert.xml informazioni .zip   (16,416 bytes)
  • daticert.certificata.xml.js   (40,436 bytes)
  • posta certificata.eml.js   (37,593 bytes)
  • liber.exe   (396,288 bytes)

 

EMAIL

DESCRIPTION:


Shown above:  Screenshot of the email.

 

EMAIL HEADERS:

 

TRAFFIC


Shown above:  Traffic from the infection filtered in Wireshark.

 

ASSOCIATED DOMAINS:

 

FILE HASHES

EMAIL ATTACHMENT (ZIP ARCHIVE):

.JS FILE EXTRACTED FROM ZIP ARCHIVE (1 OF 2):

.JS FILE EXTRACTED FROM ZIP ARCHIVE (2 OF 2):

EXECUTABLE DOWNLOADED BY .JS FILE (ZEUS PANDA BANKER):

 

FINAL NOTES

Once again, here are the associated files:

ZIP files are password-protected with the standard password.  If you don't know it, look at the "about" page of this website.
