2017-06-05 - DRIDEX MALSPAM (WORD DOCS IN PDF ATTACHMENTS)

ASSOCIATED FILES:

OTHER REPORTS ON TODAY'S MALSPAM WITH MORE INDICATORS AT:

 

EMAILS


Shown above:  Spreadsheet on the 8 emails I collected.

 

MALWARE


Shown above:  As usual, the PDF attachment contains an embedded Word document with malicious macros.

 


Shown above:  Another shot of the PDF attachment from the second wave.

 


Shown above:  No picture or instructions this time.  Just a blank Word document with macros.

 

SHA256 HASHES FOR THE PDF ATTACHMENTS:

SHA256 HASHES FOR THE EMBEDDED WORD DOCUMENTS:

FILES RETRIEVED FROM INFECTED HOST:

 

TRAFFIC

URLS FROM THE WORD MACROS TO DOWNLOAD DRIDEX:

 

DRIDEX POST-INFECTION TRAFFIC:

 

FINAL NOTES

Once again, here are the associated files:

ZIP files are password-protected with the standard password.  If you don't know it, look at the "about" page of this website.
