2019-10-03 - DATA DUMP: CLASSIC-STYLE HANCITOR MALSPAM
NOTICE:
- The zip archives on this page have been updated, and they now use the new password scheme. For the new password, see the "about" page of this website.
ASSOCIATED FILES:
- 2019-10-03-Hancitor-malspam-1745-UTC.eml.zip 1.9 kB (1,939 bytes)
- 2019-10-03-Hancitor-infection-traffic.pcap.zip 336 kB (336,379 bytes)
- 2019-10-03-Hancitor-malware-and-artifacts.zip 230 kB (230,404 bytes)
IMAGES
Shown above: .
Shown above: Downloading a Word document.
Shown above: Password-protected macro, eh?
Shown above: Using the code from the email as the password.
Shown above: It shows the password as incorrect, but I got some infection traffic anyway.
Shown above: Traffic from the infection filtered in Wireshark.