2016-10-26 - ADWIND (JRAT) MALSPAM - SUBJ: AL BARAKA EXCHANGE-AL MUKHAZEM EXCHANGE CO. FAX NO.278

ASSOCIATED FILES:

  • 2016-10-26-malspam-traffic.pcap   (601,883 bytes)
  • 2016-10-26-Adwind-malspam.eml   (28,061 bytes)
  • FAX NO_278_scan_001_pdf.jar   (232,864 bytes)

NOTES:

 

EMAIL


Shown above:  Screenshot of the email.

 


Shown above:  Message headers.

 

MESSAGE HEADERS:

 

MESSAGE TEXT:

Dear All,

            Please Download the attachment

Download FAX NO.278.pdf  View FAX NO.278.pdf


Thanks   and Best Regards

Bhuvanes
Foreign Corr & Investigation Unit
Suliman A. Al Mukhazem Exchange Co.
inquiry@smexco.com
00965-22473565 Ext 16
00965-22401800  Ext 16

 

TRAFFIC


Shown above:  Traffic from the pcap filtered in Wireshark.

 

ASSOCIATED DOMAINS:

 

FILE HASHES

DOWNLOADED .JAR FILE:


Shown above:  The malicious .jar file.

 

FINAL NOTES

Once again, here are the associated files:

ZIP files are password-protected with the standard password.  If you don't know it, look at the "about" page of this website.
