2020-06-25 - RESUME-THEMED MALSPAM PUSHING ZLOADER
- 2020-06-25-resume-themed-ZLoader-infection-IOCs.txt.zip 1.1 kB (1,109 bytes)
- 2020-06-25-resume-themed-malspam-example.eml.zip 514 kB (514,030 bytes)
- 2020-06-25-ZLoader-infection-traffic.pcap.zip 5.7 MB (5,690,277 bytes)
- 2020-06-25-ZLoader-malware-and-artifacts.zip 949 kB (948,744 bytes)
- All zip archives on this site are password-protected with the standard password. If you don't know it, see the "about" page of this website.
- I wrote an ISC diary on this about two weeks ago on 2020-06-10: link.
Shown above: Screenshot of the malspam example.
Shown above: Opening the attached spreadsheet requires password from the message text.
Shown above: Screenshot of the spreadsheet.
Shown above: Traffic from an infection filtered in Wireshark.
Shown above: Initial location of the ZLoader DLL.
Shown above: Decoy folders created by ZLoader.
Shown above: ZLoader persistent on the infected Windows host.
Click here to return to the main page.