2017-09-18 - MALSPAM PUSHING EMOTET TROJAN

ASSOCIATED FILES:

  • 2017-09-18-Emotet-malspam-traffic.pcap   (691,065 bytes)
  • 2017-09-18-Emotet-malspam-1433-UTC.eml   (1,318 bytes)
  • Invoice_5499.doc   (65,024 bytes)
  • MIKxorREXp.exe   (90,112 bytes)

 

TWEETS NOTED ABOUT TODAY'S WAVE OF #EMOTET MALSPAM:

 

EMAIL


Shown above:  Screenshot from an email seen on 2017-09-18.

 

HEADER INFORMATION:

 


Shown above:  Malicious Word document downloaded from link in the email.

 

TRAFFIC


Shown above:  Traffic from the infection filtered in Wireshark.

 

ASSOCIATED TRAFFIC:

 

MALWARE

WORD DOCUMENT DOWNLOADED FROM EMAIL LINK:

FOLLOW-UP MALWARE (EMOTET):

 

FINAL NOTES

Once again, here are the associated files:

ZIP files are password-protected with the standard password.  If you don't know it, look at the "about" page of this website.
