2017-06-08 - INFOSTEALER INFECTION FROM BRAZIL MALSPAM

NOTICE:

ASSOCIATED FILES:

  • 2017-06-08-Brazil-infostealer-infection-traffic.pcap   (9,261,121 bytes)
  • 2017-06-07-Brazil-malspam-1740-UTC.eml   (2,148 bytes)
  • 63466336034690346.etwe   (9,660,419 bytes)
  • Iptu-_-2017.zip   (1,126,288 bytes)


EMAILS


Shown above: Screenshot from one of the emails.


EMAIL HEADERS:


INITIAL MALWARE


Shown above: Clicking the link in the email redirects to a Dropbox URL hosting a zip archive.



Shown above: Contents of the zip archive.


TRAFFIC


Shown above: Traffic from the infection, filtered in Wireshark.



Shown above: Some of the post-infection traffic.


ASSOCIATED DOMAINS AND URLS:


FILE HASHES

ZIP ARCHIVE AFTER CLICKING LINK FROM THE EMAIL:

FILE EXTRACTED FROM THE ZIP ARCHIVE:

MALWARE RETRIEVED FROM THE INFECTED HOST:


Shown above: Zip archive downloaded during the infection.



Shown above: Files noted on the infected host.
