2018-10-17 - QUICK POST: HANCITOR MALSPAM

ASSOCIATED FILES:

• Email:  2018-10-17-Hancitor-malspam-1539-UTC.eml.zip   2 kB (2,105 bytes)

• 2018-10-17-Hancitor-malspam-1539-UTC.eml   (5,812 bytes)

• Traffic:  2018-10-17-Hancitor-infection-traffic-AD-environment.pcap.zip   1.5 MB (1,475,878 bytes)

• 2018-10-17-Hancitor-infection-traffic-AD-environment.pcap   (2,040,486 bytes)

• Malware:  2018-10-17-malware-from-Hancitor-infection.zip   289 kB (288,600 bytes)

• 2018-10-17-downloaded-Word-doc-with-macro-for-Hancitor.doc   (189,952 bytes)
• 2018-10-17-Hancitor-malware-binary.exe   (60,928 bytes)
• 2018-10-17-Zeus-Panda-Banker-caused-by-Hancitor.exe   (160,768 bytes)

 

IMAGES

Shown above:  Flow chart for today's Hancitor infection (same as usual).

 

Shown above:  Screenshot of today's email example.

 

Shown above:  Downloading a malicious Word doc from the email link.

 

Shown above:  Traffic from an infection filtered in Wireshark.

 

FINAL NOTES

Once again, here are the associated files:

• Email:  2018-10-17-Hancitor-malspam-1539-UTC.eml.zip   2 kB (2,105 bytes)
• Traffic:  2018-10-17-Hancitor-infection-traffic-AD-environment.pcap.zip   1.5 MB (1,475,878 bytes)
• Malware:  2018-10-17-malware-from-Hancitor-infection.zip   289 kB (288,600 bytes)

Zip archives are password-protected with the standard password.  If you don't know it, look at the "about" page of this website.

Click here to return to the main page.