2014-10-29 - ASPROX BOTNET SERVING STARBUCKS COFFEE

ASSOCIATED FILES:

 

NOTES:

 

EXAMPLE OF THE EMAILS

SCREENSHOT:

 

MESSAGE TEXT:

Date: Tue, 7 Oct 2014 13:05:38 +0100 (BST)
Subject: Enjoy your Starbucks Card eGift
From: Starbucks <support@thevideowizards.com>
To:
Reply-To: Starbucks <support@thevideowizards.com>

* STARBUCKS *
Starbucks Coffee Company

Enjoy your Starbucks Card eGift

AT&T has sent you a $20* Starbucks Card eGift. While you think of your next favorite beverage to enjoy, take a look at your gift and how it works.

Enjoing your eGift is easy. Just print it out and bring it into any participating Sturbucks store.

Your Card Security Code: 6039 3967

© 2014 Starbucks Corporation. All rights reserved.

NOTE: The dates and times on the emails are off by up to three weeks or more.  I've only started seeing these today.
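The headers above show the two things a mail filter can key on without any signature: the display name claims a brand ("Starbucks") while the sending and Reply-To domain is unrelated, and the Date: header is weeks behind the time the message actually arrived. The following is an added example written for this page, not code from the original post; it uses Python's standard email parser on a message constructed from the headers shown above, and the brand-to-domain table it consults is an assumption for illustration, not a real allowlist.

```python
from datetime import datetime, timezone
from email import message_from_string
from email.utils import parseaddr, parsedate_to_datetime

# Constructed sample: the headers as shown on this page, body trimmed.
# The To: header is deliberately left empty, exactly as in the observed mail.
SAMPLE_EMAIL = """\
Date: Tue, 7 Oct 2014 13:05:38 +0100 (BST)
Subject: Enjoy your Starbucks Card eGift
From: Starbucks <support@thevideowizards.com>
To:
Reply-To: Starbucks <support@thevideowizards.com>

Enjoy your Starbucks Card eGift
"""

# Assumption for the example: which domains a brand legitimately mails from.
BRAND_DOMAINS = {"starbucks": {"starbucks.com"}}


def sender_domain(header_value):
    """Return (display_name, domain) from an address header such as From:."""
    name, addr = parseaddr(header_value or "")
    domain = addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""
    return name, domain


def check_brand_impersonation(raw_message):
    """Flag a display name that claims a brand while the sending domain is not
    one of that brand's known domains; also flag an empty To: header, which is
    typical of bulk spam addressed via BCC. Returns a list of findings."""
    msg = message_from_string(raw_message)
    findings = []
    for header in ("From", "Reply-To"):
        name, domain = sender_domain(msg.get(header))
        for brand, domains in BRAND_DOMAINS.items():
            if brand in name.lower() and domain and domain not in domains:
                findings.append(f"{header}: display name '{name}' but domain '{domain}'")
    if not (msg.get("To") or "").strip():
        findings.append("To: header is empty")
    return findings


def date_skew_days(raw_message, observed_at):
    """Whole days between the Date: header and the time the mail was observed.
    Large positive values match the 'dates are off by weeks' note above."""
    msg = message_from_string(raw_message)
    sent = parsedate_to_datetime(msg["Date"])
    return (observed_at - sent).days


if __name__ == "__main__":
    # Observed time taken from the first-submission timestamp on this page.
    seen = datetime(2014, 10, 29, 13, 48, 3, tzinfo=timezone.utc)
    for finding in check_brand_impersonation(SAMPLE_EMAIL):
        print("FLAG:", finding)
    print("Date header is", date_skew_days(SAMPLE_EMAIL, seen), "days old")
```

Neither check proves malice on its own; together with the attachment indicators further down they give a mail gateway enough to quarantine rather than deliver.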

 

LINK TO THE MALWARE FROM THE EMAIL:

news.reynders.com - GET /start.php?stb=ct5PvvUYyyveO2hLRjgipQal/H5TidSFQiB9yTQfG64

 

PRELIMINARY MALWARE ANALYSIS

DOWNLOADED ZIP FILE:

File name:  Sturbucks_eGift.zip
File size:  68.7 KB ( 70302 bytes )
MD5 hash:  c82caea70fa296634e8b9b540e936285
Detection ratio:  4 / 54
First submission:  2014-10-29 13:48:03 UTC
VirusTotal link:  https://www.virustotal.com/en/file/c6c54dc1acf8cd39cfc19ab5ac5ae602483b939c6b5b11c6c936da9eb675743f/analysis/

 

EXTRACTED MALWARE:

File name:  Sturbucks_eGift.exe
File size:  106.0 KB ( 108544 bytes )
MD5 hash:  265edaaa6fcf995e0ea45c88a81bb531
Detection ratio:  3 / 53
First submission:  2014-10-29 13:48:09 UTC
VirusTotal link:  https://www.virustotal.com/en/file/d5cb9f534b0a1ef81ac3d4f0e90ddb9a0ae1d4a96f8363eb4e116bcdfbaa1b99/analysis/
Malwr.com link:  https://malwr.com/analysis/NmZkMzUwZmE4MWFjNGVhOGE0OGE0NWFlY2ZjNzJhMWE/
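The indicators on this page (the landing URL shape from the email link, the host serving it, and the two MD5 hashes) are what a defender would feed into proxy-log and file-hash matching. The block below is an added example for this page, not code from the original post: it scans constructed proxy log lines for the host and for the Asprox-style `/start.php?stb=<token>` request, and looks up file hashes against the MD5s listed above. The log format and the token regex are assumptions made for the example.

```python
import hashlib
import re

# Indicators taken from this page.
IOC_MD5 = {
    "c82caea70fa296634e8b9b540e936285": "Sturbucks_eGift.zip",
    "265edaaa6fcf995e0ea45c88a81bb531": "Sturbucks_eGift.exe",
}
IOC_HOSTS = {"news.reynders.com"}

# Request shape seen in the email link: /start.php?stb=<token>.
# Assumption: the token is a base64-like string of at least 20 characters.
URI_PATTERN = re.compile(r"^/start\.php\?stb=[A-Za-z0-9+/=_-]{20,}$")

# Constructed proxy log lines (assumed format: ts client method host uri status).
# Line 1 reproduces the request from this page; the rest are made up.
SAMPLE_LOG = """\
1414590483 10.0.0.12 GET news.reynders.com /start.php?stb=ct5PvvUYyyveO2hLRjgipQal/H5TidSFQiB9yTQfG64 200
1414590490 10.0.0.12 GET www.example.com /index.html 200
1414590511 10.0.0.31 GET cdn.example.net /start.php?stb=AbCdEf0123456789AbCdEf0123456789 200
1414590600 10.0.0.44 GET news.reynders.com /favicon.ico 404
"""


def parse_line(line):
    """Split one log line into its fields (assumed six-column format)."""
    ts, client, method, host, uri, status = line.split()
    return {"ts": int(ts), "client": client, "method": method,
            "host": host.lower(), "uri": uri, "status": int(status)}


def scan_proxy_log(text):
    """Return (client, host, reasons) for every line that matches an indicator.
    A line can match on the host, on the URI shape, or on both."""
    hits = []
    for line in text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        reasons = []
        if rec["host"] in IOC_HOSTS:
            reasons.append("known-bad host")
        if URI_PATTERN.match(rec["uri"]):
            reasons.append("asprox-style landing uri")
        if reasons:
            hits.append((rec["client"], rec["host"], reasons))
    return hits


def lookup_md5(hexdigest):
    """Map a known MD5 (as hex) to the sample name from this page, or None."""
    return IOC_MD5.get(hexdigest.lower())


def match_file_hash(data):
    """Hash raw file bytes and look them up against the page's indicators."""
    return lookup_md5(hashlib.md5(data).hexdigest())


if __name__ == "__main__":
    for client, host, reasons in scan_proxy_log(SAMPLE_LOG):
        print(f"{client} -> {host}: {', '.join(reasons)}")
    print(lookup_md5("c82caea70fa296634e8b9b540e936285"))
    print(match_file_hash(b"not the sample"))  # None: constructed bytes do not match
```

The URI-shape rule fires on the third line even though the host is not on the list; that is the point of pattern indicators in a campaign that rotates compromised hosts, and why the host list alone is not enough.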

 

FINAL NOTES

Once again, here are the associated files:

ZIP files are password-protected with the standard password.  If you don't know it, look at the "about" page of this website.
