2018-06-27 - QUICK POST: HANCITOR INFECTION WITH ZEUS PANDA BANKER

ASSOCIATED FILES:

• 2018-06-27-Hancitor-malspam-example-1630-UTC.eml.zip   2.8 kB (2,822 bytes)
• 2018-06-27-Hancitor-malspam-infection-traffic.pcap.zip   482 kB (482,175 bytes)
• 2018-06-27-malware-from-Hancitor-malspam-infection.zip   288 kB (287,841 bytes)

 

NOTES:

• All zip archives on this site are password-protected with a standard password.  If you don't know it, see the "about" page of this website.

 

Shown above:  Flow chart for today's activity, if I'm correct in my assumptions.

 

Shown above:  Headers from an email example someone acquired for me today.

 

Shown above:  Traffic from this infection filtered in Wireshark.

 

Shown above:  Today's entire malspam run seemed like a test.

 

Shown above:  What I assume was a Hancitor malware binary seen during today's infection.

 

Click here to return to the main page.