2017-01-09 - ZEUS PANDA BANKER INFECTION

NOTICE:

ASSOCIATED FILES:

  • 2017-01-09-Zeus-Panda-Banker-infection-traffic.pcap   (163,756 bytes)
  • 2017-01-09-DHL-malspam-1337-UTC.eml   (196,707 bytes)
  • CVS Commercial form 20170109.cvs.exe   (240,170 bytes)
  • CVS Commercial form 20170109.zip   (144,449 bytes)

 

THE EMAIL


Shown above:  Screenshot of the email.

 

EMAIL HEADERS:

 

MESSAGE TEXT:

Attached notice amount customs charges

Dear Customer,
Attached your invoice in PDF format, dated 01/09/2017 and csv files for shipments and services provided by DHL Express.

You can also display the details of his account and the historical invoices online.

In case of substantial problems in the Annex, contact support at: support@dhl.com

We expect to receive payment within the prescribed period, as indicated on the invoice.

We send our thanks for having taken advantage of DHL Express services.


Best regards,

DHL Express

 

TRAFFIC


Shown above:  Traffic from the pcap filtered in Wireshark.

 

ASSOCIATED DOMAINS:

 

FILE HASHES

ATTACHED ZIP ARCHIVE:

EXTRACTED MALWARE:

 

IMAGES


Shown above:  Artifacts and registry update for this malware infection on a physical host.

 

FINAL NOTES

Click here to return to the main page.