2014-10-29 - ASPROX BOTNET EMAIL SERVES STARBUCKS COFFEE
NOTICE:
- The zip archives on this page have been updated, and they now use the new password scheme. For the new password, see the "about" page of this website.
ASSOCIATED FILES:
- 2014-10-29-Starbucks-themed-Asprox-email-example.eml.zip
- 2014-10-29-malware-from-Asprox-botnet-email.zip
NOTES:
- The sending date from my example shows 2014-10-07, but I've only noticed these Starbucks-themed Asprox botnet emails starting today (2014-10-29).
- Confirmed it started earlier this month... See: Spam list: Enjoy your Starbucks Card eGift - Asprox Malware
- Didn't get any traffic from the Malwr analysis on today's sample.
EXAMPLE OF THE EMAILS
SCREENSHOT:
MESSAGE TEXT:
Date: Tue, 7 Oct 2014 13:05:38 +0100 (BST)
Subject: Enjoy your Starbucks Card eGift
From: Starbucks <support@thevideowizards[.]com>
To:
Reply-To: Starbucks <support@thevideowizards[.]com>
* STARBUCKS *
Starbucks Coffee Company
Enjoy your Starbucks Card eGift
AT&T has sent you a $20* Starbucks Card eGift. While you think of your next favorite beverage to enjoy, take a look at your gift and how it works.
Enjoing your eGift is easy. Just print it out and bring it into any participating Sturbucks store.
Your Card Security Code: 6039 3967
© 2014 Starbucks Corporation. All rights reserved.
NOTE: The dates and times on the emails are off by up to three weeks or more. I've only started seeing these today.
LINK TO THE MALWARE FROM THE EMAIL:
news.reynders[.]com - GET /start.php?stb=ct5PvvUYyyveO2hLRjgipQal/H5TidSFQiB9yTQfG64
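The three things that give this lure away (a brand display name over an unrelated sender domain, a Date header weeks older than delivery, and a link to a start.php?stb= landing page) can be checked mechanically on a mail gateway or in triage. The script below is an added example, not part of the original post: it builds a constructed .eml modelled on the headers and body shown above (de-fanged domains, a made-up To address, a single link in the body) and flags each of those indicators. The assumed list of legitimate sender domains for the brand is an assumption for the example, and the observation time is taken from the VirusTotal first-submission timestamp in the post.

```python
import re
from datetime import datetime, timedelta, timezone
from email import message_from_string
from email.utils import parseaddr, parsedate_to_datetime

# Constructed sample, modelled on the headers and body shown in the post.
# Domains are de-fanged with "[.]" exactly as the post records them.
SAMPLE_EML = """\
Date: Tue, 7 Oct 2014 13:05:38 +0100 (BST)
Subject: Enjoy your Starbucks Card eGift
From: Starbucks <support@thevideowizards[.]com>
To: victim@example.invalid
Reply-To: Starbucks <support@thevideowizards[.]com>
Content-Type: text/plain

Enjoy your Starbucks Card eGift
Just print it out and bring it into any participating Sturbucks store.
http://news.reynders[.]com/start.php?stb=ct5PvvUYyyveO2hLRjgipQal/H5TidSFQiB9yTQfG64
"""

# Time the sample was first seen (VirusTotal first submission in the post).
OBSERVED_AT = datetime(2014, 10, 29, 13, 48, 3, tzinfo=timezone.utc)

# Assumption for the example: domains the brand legitimately mails from.
EXPECTED_BRAND_DOMAINS = {"starbucks": {"starbucks.com"}}
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)
LURE_PATH_RE = re.compile(r"/start\.php\?stb=", re.IGNORECASE)
MAX_DATE_SKEW = timedelta(days=3)  # older Date headers than this are suspicious


def refang(s):
    """Turn the post's de-fanged 'example[.]com' back into a real hostname."""
    return s.replace("[.]", ".")


def triage_email(raw, observed_at=OBSERVED_AT):
    """Parse one RFC 822 message and return the sender, body URLs and findings."""
    msg = message_from_string(raw)
    findings = []

    # 1. Brand display name over a sender domain the brand does not use.
    name, addr = parseaddr(msg.get("From", ""))
    addr = refang(addr)
    domain = addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""
    brand = name.strip().lower()
    if brand in EXPECTED_BRAND_DOMAINS and domain not in EXPECTED_BRAND_DOMAINS[brand]:
        findings.append(f"display name '{name}' but sender domain {domain}")

    # 2. Date header far older than the time the message was actually seen.
    skew_days = None
    try:
        sent = parsedate_to_datetime(msg.get("Date", ""))
    except (TypeError, ValueError):
        sent = None
    if sent is None:
        findings.append("missing or unparsable Date header")
    else:
        skew = observed_at - sent
        skew_days = skew.days
        if skew > MAX_DATE_SKEW:
            findings.append(f"Date header is {skew.days} days older than delivery")

    # 3. Links in the body matching the lure's landing-page pattern.
    body = msg.get_payload(decode=True).decode("utf-8", "replace")
    urls = [refang(u) for u in URL_RE.findall(body)]
    for u in urls:
        if LURE_PATH_RE.search(u):
            findings.append(f"lure URL pattern: {u}")

    return {"from": addr, "urls": urls, "date_skew_days": skew_days, "findings": findings}


if __name__ == "__main__":
    for line in triage_email(SAMPLE_EML)["findings"]:
        print(line)
```

The Date check compares against when the message was observed rather than against "now", so the same logic gives the same answer when run over an archived mailbox later.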
PRELIMINARY MALWARE ANALYSIS
DOWNLOADED ZIP FILE:
File name: Sturbucks_eGift.zip
File size: 70,302 bytes
MD5 hash: c82caea70fa296634e8b9b540e936285
Detection ratio: 4 / 54
First submission: 2014-10-29 13:48:03 UTC
VirusTotal link: https://www.virustotal.com/en/file/c6c54dc1acf8cd39cfc19ab5ac5ae602483b939c6b5b11c6c936da9eb675743f/analysis/
EXTRACTED MALWARE:
File name: Sturbucks_eGift.exe
File size: 108,544 bytes
MD5 hash: 265edaaa6fcf995e0ea45c88a81bb531
Detection ratio: 3 / 53
First submission: 2014-10-29 13:48:09 UTC
VirusTotal link: https://www.virustotal.com/en/file/d5cb9f534b0a1ef81ac3d4f0e90ddb9a0ae1d4a96f8363eb4e116bcdfbaa1b99/analysis/
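The archive and the executable inside it are both identified above by MD5, and the VirusTotal URLs carry their SHA256 values. The script below is an added example, not part of the original post: it inspects a downloaded zip in memory (nothing is extracted to disk or run), hashes the archive and each member, flags members with executable names or a PE "MZ" header, and matches the hashes against the four IoC values recorded in this post. The sample archive it builds is a constructed stand-in with a harmless placeholder file, so its hashes will not match the real IoCs; the IoC table is the only page-derived data.

```python
import hashlib
import io
import zipfile

# IoC hashes recorded in the post: MD5 from the file listings, SHA256 from the
# VirusTotal URLs. Keys are lower-case hex so lookups are case-insensitive.
KNOWN_BAD = {
    "c82caea70fa296634e8b9b540e936285": "Sturbucks_eGift.zip (MD5)",
    "c6c54dc1acf8cd39cfc19ab5ac5ae602483b939c6b5b11c6c936da9eb675743f": "Sturbucks_eGift.zip (SHA256)",
    "265edaaa6fcf995e0ea45c88a81bb531": "Sturbucks_eGift.exe (MD5)",
    "d5cb9f534b0a1ef81ac3d4f0e90ddb9a0ae1d4a96f8363eb4e116bcdfbaa1b99": "Sturbucks_eGift.exe (SHA256)",
}
EXECUTABLE_SUFFIXES = (".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs")
PE_SUFFIXES = (".exe", ".dll", ".scr")
MZ_MAGIC = b"MZ"  # DOS/PE header signature


def hashes(data):
    """MD5 and SHA256 of a byte string, lower-case hex."""
    return {"md5": hashlib.md5(data).hexdigest(),
            "sha256": hashlib.sha256(data).hexdigest()}


def triage_zip(zip_bytes):
    """Inspect a zip held in memory and return hashes, members and findings."""
    report = {"archive": hashes(zip_bytes), "members": [], "findings": []}
    for h in report["archive"].values():
        if h in KNOWN_BAD:
            report["findings"].append(f"archive matches IoC: {KNOWN_BAD[h]}")

    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            data = zf.read(info)  # bytes stay in memory; nothing written to disk
            entry = {"name": info.filename, "size": info.file_size, **hashes(data)}
            lower = info.filename.lower()
            if lower.endswith(EXECUTABLE_SUFFIXES):
                report["findings"].append(f"executable member: {info.filename}")
            # A PE file hiding under a document-like name is worth a flag too.
            if data[:2] == MZ_MAGIC and not lower.endswith(PE_SUFFIXES):
                report["findings"].append(f"PE header under non-executable name: {info.filename}")
            for h in (entry["md5"], entry["sha256"]):
                if h in KNOWN_BAD:
                    report["findings"].append(f"member matches IoC: {KNOWN_BAD[h]}")
            report["members"].append(entry)
    return report


def build_sample_zip():
    """Constructed stand-in for the lure archive: the lure's file name wrapped
    around a harmless placeholder that only starts with the 'MZ' bytes."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Sturbucks_eGift.exe", b"MZ" + b"\x00" * 62 + b"not a real program")
    return buf.getvalue()


if __name__ == "__main__":
    rep = triage_zip(build_sample_zip())
    for m in rep["members"]:
        print(f"{m['name']}  {m['size']} bytes  md5={m['md5']}")
    for f in rep["findings"]:
        print("FINDING:", f)
```

Run it against a real download by passing `open(path, "rb").read()` to `triage_zip`; a hit on any of the four hashes identifies this exact sample, while the name and header checks still fire on a re-packed variant whose hashes have changed.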