2018-08-02 - QUICK POST: HANCITOR MALSPAM AND INFECTION TRAFFIC

ASSOCIATED FILES:

  • 2018-08-02-Hancitor-malspam-1440-UTC.eml   (9,409 bytes)
  • 2018-08-02-Hancitor-malspam-infection-traffic.pcap   (2,561,931 bytes)
  • 2018-08-02-Hancitor-malware-binary.exe   (103,424 bytes)
  • 2018-08-02-Zeus-Panda-Banker-caused-by-Hancitor.exe   (208,384 bytes)
  • 2018-08-02-downloaded-Word-doc-with-macro-for-Hancitor.doc   (221,184 bytes)

NOTES:

 

IMAGES


Shown above:  Screenshot of the email headers from a malspam example.

 


Shown above:  The malspam example viewed in an email client.

 


Shown above:  Downloading the malicious Word doc from the link in the malspam.

 


Shown above:  Traffic from the infection filtered in Wireshark.

 
