2017-01-12 - HANCITOR INFECTION WITH PONY AND VAWTRAK

NOTICE:

ASSOCIATED FILES:

  • 2017-01-12-Hancitor-infection-with-Pony-and-Vawtrak.pcap   (1,398,569 bytes)
  • 2017-01-12-Hancitor-malspam-1652-UTC.eml   (1,049 bytes)
  • 2017-01-12-Hancitor-example.doc   (190,464 bytes)
  • 2017-01-12-Pony-example-pm1.dll   (71,680 bytes)
  • 2017-01-12-Vawtrak-example.exe   (489,984 bytes)

NOTES:


Shown above:  Flowchart for this infection traffic.

 

EMAIL


Shown above:  Screenshot of the email.

 

EMAIL HEADERS:

 


Shown above:  Word document downloaded from link in the email.

 

TRAFFIC


Shown above:  Word document downloaded from link in the email.

 

ASSOCIATED DOMAINS:

 

FILE HASHES

WORD DOCUMENT:

PONY DLL:

VAWTRAK MALWARE:

 
