2018-08-02 - QUICK POST: HANCITOR INFECTION WITH ZEUS PANDA BANKER
NOTICE:
- The zip archives on this page have been updated, and they now use the new password scheme. For the new password, see the "about" page of this website.
ASSOCIATED FILES:
- Zip archive of the email example: 2018-08-02-Hancitor-malspam-1440-UTC.eml.zip 1.9 kB (1,901 bytes)
  - 2018-08-02-Hancitor-malspam-1440-UTC.eml (9,409 bytes)
- Zip archive of the traffic: 2018-08-02-Hancitor-infection-with-Zeus-Panda-Banker.pcap.zip 2.1 MB (2,145,639 bytes)
  - 2018-08-02-Hancitor-infection-with-Zeus-Panda-Banker.pcap (2,561,931 bytes)
- Zip archive of the malware: 2018-08-02-malware-associated-with-Hancitor-infection.zip 308 kB (308,254 bytes)
  - 2018-08-02-Hancitor-malware-binary.exe (103,424 bytes)
  - 2018-08-02-Zeus-Panda-Banker-caused-by-Hancitor.exe (208,384 bytes)
  - 2018-08-02-downloaded-Word-doc-with-macro-for-Hancitor.doc (221,184 bytes)
IMAGES
Shown above: Screenshot of the email headers from a malspam example.
Shown above: The malspam example viewed in an email client.
Shown above: Downloading the malicious Word doc from the link in the malspam.
Shown above: Traffic from the infection filtered in Wireshark.