2019-06-17 - PCAP AND MALWARE FOR AN ISC DIARY (DRIDEX)

NOTICE:

• The zip archives on this page have been updated, and they now use the new password scheme.  For the new password, see the "about" page of this website.

REFERENCE:

• The associated ISC diary is Malspam with password-protected Word docs pushing Dridex.

ASSOCIATED FILES:

• 2019-06-17-malspam-with-password-protected-Word-doc-1621-UTC.eml.zip   262 kB (262,020 bytes)

• 2019-06-17-malspam-with-password-protected-Word-doc-1621-UTC.eml   (366,985 bytes)

• 2019-06-17-password-protected-Word-doc-causes-Dridex-infection.pcap.zip   3.2 MB (3,241,816 bytes)

• 2019-06-17-password-protected-Word-doc-causes-Dridex-infection.pcap   (3,395,040 bytes)

• 2019-06-17-malware-and-artifacts-from-Dridex-infection-by-password-protected-Word-doc.zip   2.3 MB (2,252,639 bytes)

• HKL-37689934693.doc   (261,632 bytes)
• HKL-37689934693.doc-macros/a0woxm.txt   (872 bytes)
• HKL-37689934693.doc-macros/afJX6ELpP.txt   (962 bytes)
• HKL-37689934693.doc-macros/alTuUemw.txt   (773 bytes)
• HKL-37689934693.doc-macros/aM6Qu2vfS.txt   (1,898 bytes)
• HKL-37689934693.doc-macros/ThisDocument.txt   (4,387 bytes)
• malware-and-artifacts/2019-06-17-aXwZvnt48.xsl-artifact-in-Windows-temp-folder.txt   (3,080 bytes)
• malware-and-artifacts/2019-06-17-Dridex-installer-retrieved-by-macro-from-password-protected-Word-doc.exe   (325,912 bytes)
• malware-and-artifacts/2019-06-17-scheduled-task-to-keep-Dridex-persistent.xml.txt   (3,500 bytes)
• malware-and-artifacts/2019-06-17-shortcut-in-Windows-menu-startup-folder-to-keep-Dridex-infection-persistent.lnk.bin   (879 bytes)
• malware-and-artifacts/2019-06-17-Windows-registry-entry-to-keep-Dridex-infection-persistent.txt   (614 bytes)
• malware-and-artifacts/dMHo/OLEACC.dll   (675,840 bytes)
• malware-and-artifacts/dMHo/sethc.exe   (279,040 bytes)
• malware-and-artifacts/OsiiC9/wbengine.exe   (1,504,256 bytes)
• malware-and-artifacts/OsiiC9/XmlLite.dll   (675,840 bytes)

 

Click here to return to the main page.