Malware-Traffic-Analysis.net - 2019-02-12 - Quick post: Hancitor infection with Gozi/ISFB (Ursnif)

2019-02-12 - QUICK POST: HANCITOR INFECTION WITH GOZI/ISFB (URSNIF)

NOTICE:

The zip archives on this page have been updated, and they now use the new password scheme. For the new password, see the "about" page of this website.

ASSOCIATED FILES:

Zip archive of a malspam example: 2019-02-12-Hancitor-malspam-example.eml.zip 2.4 kB (2,381 bytes)

2019-02-12-Hancitor-malspam-example.eml (5,880 bytes)

Zip archive of the infection traffic: 2019-02-12-Hancitor-infection-with-Ursnif.pcap.zip 379 kB (379,313 bytes)

2019-02-12-Hancitor-infection-with-Ursnif.pcap (700,950 bytes)

Zip archive of the malware: 2019-02-12-Hancitor-and-Ursnif-malware.zip 246 kB (246,468 bytes)

2019-02-12-downloaded-Excel-spreadsheet-with-macro-for-Hancitor.xls (120832 bytes)

2019-02-12-Hancitor-malware-binary.exe (262,920 bytes)

2019-02-12-Ursnif-retrieved-by-Hancitor-infected-host.exe (117,760 bytes)

IMAGES

Shown above: Screenshot of the email.

Shown above: Traffic from the infected host filtered in Wireshark.

Click here to return to the main page.