2016-06-09 - INFECTION TRAFFIC FROM SMUTTY EMAILS

NOTICE:

ASSOCIATED FILES:

  • 2016-06-08-smutty-email-2036-UTC.eml   (6,113 bytes)
  • 2016-06-09-smutty-email-0244-UTC.eml   (5,718 bytes)
  • Infection-traffic-from-2016-06-08-2036-UTC-smutty-email.pcap   (3,581,062 bytes)
  • Infection-traffic-from-2016-06-09-0244-UTC-smutty-email.pcap   (711,437 bytes)
  • Video(wav).zip   (28,777 bytes)
  • _Video_   (610,304 bytes)
  • _Video_.jar   (137,391 bytes)
  • vmnat.exe   (6,095,668 bytes)
  • vmnat.zip   (3,837,872 bytes)

NOTES:

IMAGES


Shown above:  First example of these emails.

Shown above:  Second example of these emails.

Shown above:  Translation of the message text using Google Translate.

Shown above:  Traffic after the first email.  (Note: The initial HTTPS traffic for the Google Drive link isn't included in that first pcap.)

Shown above:  Traffic after the second email.

Shown above:  Malware from the first time I tried the Google Drive link from those two emails.

Shown above:  Malware from the second time I tried the Google Drive link from those two emails.