2016-10-31 - FACEBOOK-THEMED MALSPAM: "DENUNCIA DE RACISMO EM SEU PERFIL"

ASSOCIATED FILES:

  • 2016-10-31-malspam-traffic.pcap   (1,500,452 bytes)
  • 2016-10-31-2106-UTC-malspam.eml   (10,784 bytes)
  • IMG_68794206_0521892.zip   (7,082 bytes)
  • IMG_68794206_0521896.js   (35,416 bytes)
  • [username]wz.gif   (1,75,616 bytes)
  • r1.log   (53 bytes)
  • sdaniurh77fhrhybss.ini   (53 bytes)


EMAIL


Shown above:  Screenshot of the malspam.



Shown above:  Headers from the malspam.



Shown above:  File downloaded from the goo.gl link in the malspam.


TRAFFIC


Shown above:  Traffic from the infection filtered in Wireshark.


ASSOCIATED DOMAINS:


FILE HASHES

ZIP archive downloaded from goo.gl link in email:

JS file extracted from the downloaded ZIP archive:

DLL file dropped in the ProgramData\[username] directory:


IMAGES


Shown above:  Artifacts from the infected host.


FINAL NOTES

Once again, here are the associated files:

ZIP files are password-protected with the standard password.  If you don't know it, look at the "about" page of this website.