2017-09-15 - MORE POSSIBLE COINBIT MALWARE

NOTICE:

ASSOCIATED FILES:

  • 2017-09-15-possible-Coinbit-infection-traffic.pcap   (36,370 bytes)
  • 2017-09-15-possible-Coinbit-email-tracker.csv   (3,729 bytes)
  • 2017-09-15-fake-Microsoft-update-malspam-example.eml   (38,278 bytes)
  • 2017-09-15-file-downloader.exe   (27,648 bytes)
  • 2017-09-15-follow-up-malware-possibly-Coinbit.exe   (36,864 bytes)

NOTES:

 

EMAILS


Shown above:  Screenshot from the spreadsheet tracker.

 


Shown above:  Screenshot from an email on 2017-09-15.

 

EMAILS NOTED:

Read:  Date/time -- Sending IP address -- Sending email address (spoofed) -- Subject line -- attachment name

 

TRAFFIC


Shown above:  Attachment from the email has to be run as an administrator, then it will act as a file downloader.

 


Shown above:  Follow-up malware needs MSWINSCK.OCX and a bitcoin wallet at a specific location on the infected host.

 

ASSOCIATED URLS:

 

ASSOCIATED MALWARE

ATTACHED EXE FILE:

FOLLOW-UP MALWARE:

 
