2018-06-27 - QUICK POST: HANCITOR INFECTION WITH ZEUS PANDA BANKER
NOTICE:
- The zip archives on this page have been updated, and they now use the new password scheme. For the new password, see the "about" page of this website.
ASSOCIATED FILES:
- 2018-06-27-Hancitor-malspam-example-1630-UTC.eml.zip 2.8 kB (2,822 bytes)
- 2018-06-27-Hancitor-infection-with-Zeus-Panda-Banker.pcap.zip 482 kB (482,189 bytes)
- 2018-06-27-malware-from-Hancitor-infection.zip 288 kB (288,313 bytes)
Shown above: Flow chart for today's activity, if I'm correct in my assumptions.
Shown above: Headers from an email example someone acquired for me today.
Shown above: Traffic from this infection filtered in Wireshark.
Shown above: Today's entire malspam run seemed like a test.
Shown above: What I assume was a Hancitor malware binary seen during today's infection.