2018-08-14 - QUICK POST: HANCITOR MALSPAM INFECTIONS FROM 2018-08-13 AND 2018-08-14

ASSOCIATED FILES:

• 2018-08-13-Hancitor-malspam-12-email-examples.zip   22.9 kB (22,864 bytes)
• 2018-08-13-Hancitor-malspam-infection-traffic.pcap.zip   460 kB (459,552 bytes)
• 2018-08-13-malware-from-Hancitor-infection.zip   338 kB (337,639 bytes)

• 2018-08-14-Hancitor-malspam-1750-UTC.eml.zip   2.1 kB (2,062 bytes)
• 2018-08-14-Hancitor-malspam-infection-traffic.pcap.zip   804 kB (804,348 bytes)
• 2018-08-14-malware-from-Hancitor-infection.zip   341 kB (341,027 bytes)

NOTES:

• Saw some issues with Zeus Panda Banker from Hancitor infections in my lab this week.
• Not as much Zeus Panda Banker traffic, and several DNS queries from the infected host showed "No such name".
• Otherwise, it's pretty much business as usual for Hancitor malspam.
• Zip archives are password-protected with the standard password.  If you don't know it, look at the "about" page of this website.

Shown above:  Flow chart for this infection traffic.

 

IMAGES

Shown above:  Traffic from an infection filtered in Wireshark from today (2018-08-14).

 

Shown above:  Traffic from the same infection about 2 & 1/2 hours later.

 

Click here to return to the main page.