2017-07-05 - MALWARE INFECTION FROM JAPANESE MALSPAM

NOTICE:

ASSOCIATED FILES:

  • 2017-07-05-malware-infection-from-Japanese-malspam.pcap   (315,863 bytes)
  • 2017-07-05-Japanese-malspam-0612-UTC.eml   (108,941 bytes)
  • 2017-07-05-Japanese-malspam-0622-UTC.eml   (109,035 bytes)
  • 2017-07-05-Japanese-malspam-0633-UTC.eml   (108,996 bytes)
  • 2017-07-05-Japanese-malspam-0654-UTC.eml   (108,945 bytes)
  • 2017-07-05-Japanese-malspam-0657-UTC.eml   (109,054 bytes)
  • 2017-07-05-Japanese-malspam-0722-UTC.eml   (108,955 bytes)
  • 2017-07-05-Japanese-malspam-0728-UTC.eml   (108,908 bytes)
  • 29459.exe   (202,240 bytes)
  • 7428086_2017.xls   (79,872 bytes)

 

RELATED TWEET:

 

EMAILS


Shown above:  Screenshot from one of the emails.

 

EMAILS GATHERED:

(Read: Date/Time -- Sending address (spoofed) -- Subject -- Attachment name)

 


Shown above:  One of the Excel spreadsheets.

 

TRAFFIC


Shown above:  Traffic from an infection filtered in Wireshark.

 

POST-INFECTION TRAFFIC:

 

FILE HASHES

EMAIL ATTACHMENT:

FOLLOW-UP MALWARE:


Shown above:  Binary downloaded by .xls attachment.

 

Click here to return to the main page.