2017-09-14 - FAKE MICROSOFT UPDATE MALSPAM WITH .EXE ATTACHMENTS

ASSOCIATED FILES:

  • 2017-09-14-traffic-from-1st-sample.pcap   (1,445 bytes)
  • 2017-09-14-traffic-from-3rd-sample.pcap   (82,799 bytes)
  • 2017-09-14-fake-Microsoft-update-tracker.csv   (5,256 bytes)
  • 2017-09-14-1st-sample.exe   (36,864 bytes)
  • 2017-09-14-2nd-sample.exe   (41,472 bytes)
  • 2017-09-14-3rd-sample.exe   (27,648 bytes)
  • 2017-09-14-follow-up-malware-from-3rd-sample.exe   (75,264 bytes)
  • Fake-Microsoft-emails-on-2017-09-11-thru-09-13.txt   (27,613 bytes)

NOTES:

 

EMAILS


Shown above:  Screenshot from the spreadsheet tracker.

 


Shown above:  Screenshot from an email on 2017-09-13.

 

EMAILS NOTED:

 

TRAFFIC


Shown above:  Traffic from the 1st example of the malspam attachments.

 


Shown above:  Traffic from the 3rd example of the malspam attachments.

 

ASSOCIATED URLS:

 

ASSOCIATED MALWARE

ATTACHED EXE FILE, 1ST SAMPLE:

ATTACHED EXE FILE, 2ND SAMPLE:

ATTACHED EXE FILE, 3RD SAMPLE:

FOLLOW-UP MALWARE:

 

FINAL NOTES

Once again, here are the associated files:

ZIP files are password-protected with the standard password.  If you don't know it, look at the "about" page of this website.

Click here to return to the main page.