2014-10-29 - ASPROX BOTNET EMAIL SERVES STARBUCKS COFFEE

NOTICE:

• The zip archives on this page have been updated, and they now use the new password scheme.  For the new password, see the "about" page of this website.

ASSOCIATED FILES:

• 2014-10-29-Starbucks-themed-Asprox-email-example.eml.zip
• 2014-10-29-malware-from-Asprox-botnet-email.zip

 

NOTES:

• The sending date from my example shows 2014-10-07, but I've only noticed these Starbucks-themed Asprox bontet emails starting today (2014-10-29).
• Confirmed tt started earlier this month...  See:  Spam list: Enjoy your Starbucks Card eGift - Asprox Malware
• Didn't get any traffic from the Malwr analysis on today's sample.

 

EXAMPLE OF THE EMAILS

SCREENSHOT:

 

MESSAGE TEXT:

Date: Tue, 7 Oct 2014 13:05:38 +0100 (BST)
Subject: Enjoy your Starbucks Card eGift
From: Starbucks <support@thevideowizards[.]com>
To:
Reply-To: Starbucks <support@thevideowizards[.]com>

* STARBUCKS *
Starbucks Coffee Company

Enjoy your Starbucks Card eGift

AT&T has sent you a $20* Starbucks Card eGift. While you think of your next favorite beverage to enjoy, take a look at your gift and how it works.

Enjoing your eGift is easy. Just print it out and bring it into any participating Sturbucks store.

Your Card Security Code: 6039 3967

© 2014 Starbucks Corporation. All rights reserved.

NOTE: The dates and times on the emails are off by up to three weeks or more.  I've only started seeing these today.

 

LINK TO THE MALWARE FROM THE EMAIL:

news.reynders[.]com - GET /start.php?stb=ct5PvvUYyyveO2hLRjgipQal/H5TidSFQiB9yTQfG64

 

PRELIMINARY MALWARE ANALYSIS

DOWNLOADED ZIP FILE:

File name:  Sturbucks_eGift.zip
File size:  70,302 bytes
MD5 hash:  c82caea70fa296634e8b9b540e936285
Detection ratio:  4 / 54
First submission:  2014-10-29 13:48:03 UTC
VirusTotal link:  https://www.virustotal.com/en/file/c6c54dc1acf8cd39cfc19ab5ac5ae602483b939c6b5b11c6c936da9eb675743f/analysis/

 

EXTRACTED MALWARE:

File name:  Sturbucks_eGift.exe
File size:  108,544 bytes
MD5 hash:  265edaaa6fcf995e0ea45c88a81bb531
Detection ratio:  3 / 53
First submission:  2014-10-29 13:48:09 UTC
VirusTotal link:  https://www.virustotal.com/en/file/d5cb9f534b0a1ef81ac3d4f0e90ddb9a0ae1d4a96f8363eb4e116bcdfbaa1b99/analysis/

 

Click here to return to the main page.