2020-06-25 - RESUME-THEMED MALSPAM PUSHING ZLOADER

ASSOCIATED FILES:

NOTE:

 

IMAGES


Shown above:  Screenshot of the malspam example.

 


Shown above:  Opening the attached spreadsheet requires the password from the message text.

 


Shown above:  Screenshot of the spreadsheet.

 


Shown above:  Traffic from an infection filtered in Wireshark.

 


Shown above:  Initial location of the ZLoader DLL.

 


Shown above:  Decoy folders created by ZLoader.

 


Shown above:  ZLoader persistent on the infected Windows host.

 
