Malware-Traffic-Analysis.net - 2017-10-31 - Quick post: Hancitor malspam (Payment notice for invoice)

2017-10-31 - QUICK POST: HANCITOR MALSPAM (PAYMENT NOTICE FOR INVOICE)

ASSOCIATED FILES:

Zip archive of the pcap: 2017-10-31-Hancitor-malspam-traffic-example.pcap.zip 335 kB (334,899 bytes)

2017-10-30-Hancitor-malspam-traffic-example.pcap (479,535 bytes)

Zip archive of the malware: 2017-10-31-Hancitor-malspam-and-artifacts.zip 232 kB (232,164 bytes)

2017-10-31-Hancitor-maldoc-receipt_561268.doc (224,768 bytes)

2017-10-31-Hancitor-malspam-all-emails.txt (23,018 bytes)

2017-10-31-Hancitor-malspam-notes.txt (4,245 bytes)

2017-10-31-Zeus-Panda-Banker.exe (151,040 bytes)

NOTES

See "2017-10-31-Hancitor-malspam-notes.txt" in the malware archive for domains, IP addresses, SHA256 hashes, URLs, etc.
Zip archives are password-protected with the standard password. If you don't know it, look at the "about" page of this website.

Shown above: Traffic from the infection filtered in Wireshark.

Click here to return to the main page.