2016-06-09 - SMUTTY MALSPAM

ASSOCIATED FILES:

• ZIP archive of the malspam:  2016-06-09-malspam.zip   4.6 kB (4,646 bytes)

• 2016-06-08-2036-UTC.eml   (6,113 bytes)
• 2016-06-09-0244-UTC.eml   (5,718 bytes)

• ZIP archive of the pcaps:  2016-06-09-traffic.zip   4.1 MB (4,080,759 bytes)

• Traffic-after-2016-06-08-2036-UTC-email.pcap   (3,581,062 bytes)
• Traffic-after-2016-06-09-0244-UTC-email.pcap   (711,437 bytes)

• ZIP archive of the malware:  2016-06-09-malware.zip   8.5 MB (8,528,051 bytes)

• Video(wav).zip   (28,777 bytes)
• _Video_   (610,304 bytes)
• _Video_.jar   (137,391 bytes)
• vmnat.exe   (6,095,668 bytes)
• vmnat.zip   (3,837,872 bytes)

 

NOTES:

• Found more malspam after searching for material on an ISC diary I wrote for Wednesday, 2016-06-09 ( link ).

 

IMAGES

Shown above:  First example of this malicious spam (malspam).

 

Shown above:  Second example of this malspam.

 

Shown above:  Translation of the message text using Google Translate.

 

Shown above:  Traffic after the first email.  (Note: The initial HTTPS traffic for the Google Drive link isn't included in that first pcap.)

 

Shown above:  Traffic after the second email.

 

Shown above:  Malware from the first time I tried the Google drive link from those two emails.

 

Shown above:  Malware from the second time I tried the Google drive link from those two emails.

 

FINAL NOTES

Once again, here are the associated files:

• ZIP archive of the malspam:  2016-06-09-malspam.zip   4.6 kB (4,646 bytes)
• ZIP archive of the pcaps:  2016-06-09-traffic.zip   4.1 MB (4,080,759 bytes)
• ZIP archive of the malware:  2016-06-09-malware.zip   8.5 MB (8,528,051 bytes)

ZIP files are password-protected with the standard password.  If you don't know it, look at the "about" page of this website.

Click here to return to the main page.