2018-10-17 - QUICK POST: HANCITOR MALSPAM
ASSOCIATED FILES:
- Email: 2018-10-17-Hancitor-malspam-1539-UTC.eml.zip 2 kB (2,105 bytes)
  - 2018-10-17-Hancitor-malspam-1539-UTC.eml (5,812 bytes)
- Traffic: 2018-10-17-Hancitor-infection-traffic-AD-environment.pcap.zip 1.5 MB (1,475,878 bytes)
  - 2018-10-17-Hancitor-infection-traffic-AD-environment.pcap (2,040,486 bytes)
- Malware: 2018-10-17-malware-from-Hancitor-infection.zip 289 kB (288,600 bytes)
  - 2018-10-17-downloaded-Word-doc-with-macro-for-Hancitor.doc (189,952 bytes)
  - 2018-10-17-Hancitor-malware-binary.exe (60,928 bytes)
  - 2018-10-17-Zeus-Panda-Banker-caused-by-Hancitor.exe (160,768 bytes)
IMAGES
Shown above: Flow chart for today's Hancitor infection (same as usual).
Shown above: Screenshot of today's email example.
Shown above: Downloading a malicious Word doc from the email link.
Shown above: Traffic from an infection filtered in Wireshark.
FINAL NOTES
Zip archives are password-protected with the standard password. If you don't know it, look at the "about" page of this website.