2017-06-12 - URSNIF INFECTION FROM JAPANESE MALSPAM

NOTICE:

ASSOCIATED FILES:

  • 2017-06-12-Ursnif-infection-traffic.pcap   (349,173 bytes)
  • emd.exe   (306,688 bytes)
  • の請求書2.xls   (45,056 bytes)

 

NOTES:


Shown above:  Tweet from @tmmalanalyst.

 

EMAILS


Shown above:  Screen shot from the email.

 

EMAIL HEADERS:

 


Shown above:  Malicious Excel spreadsheet from the malspam.

 

TRAFFIC


Shown above:  Traffic from the infection filtered in Wireshark.

 

ASSOCIATED DOMAINS:

 

FILE HASHES

EXCEL SPREADSHEET FROM THE EMAIL:

URSNIF MALWARE:

 

IMAGES


Shown above:  Updated Windows registry for malware persistence.

 

Click here to return to the main page.