2018-11-30 - QUICK POST: MALSPAM PUSHING FLAWED AMMYY RAT

ASSOCIATED FILES:

NOTES:

 

IMAGES:


Shown above:  Screenshot of the malspam and attached Word doc.

 


Shown above:  Infection traffic filtered in Wireshark.

 


Shown above:  Step 1 - Word macro retrieves MSI file.

 


Shown above:  Step 2 - MSI file retrieves and installs Flawed Ammyy.

 


Shown above:  Step 3 - Flawed Ammyy callback traffic.

 


Shown above:  Flawed Ammyy persistent on an infected Windows host.

 
