2018-10-17 - QUICK POST: HANCITOR MALSPAM

ASSOCIATED FILES:

  • 2018-10-17-Hancitor-malspam-1539-UTC.eml   (5,812 bytes)
  • 2018-10-17-Hancitor-infection-traffic-AD-environment.pcap   (2,040,486 bytes)
  • 2018-10-17-downloaded-Word-doc-with-macro-for-Hancitor.doc   (189,952 bytes)
  • 2018-10-17-Hancitor-malware-binary.exe   (60,928 bytes)
  • 2018-10-17-Zeus-Panda-Banker-caused-by-Hancitor.exe   (160,768 bytes)

 

IMAGES


Shown above:  Flow chart for today's Hancitor infection (same as usual).

Shown above:  Screenshot of today's email example.

Shown above:  Downloading a malicious Word doc from the email link.

Shown above:  Traffic from an infection filtered in Wireshark.

FINAL NOTES

Once again, here are the associated files:

Zip archives are password-protected with the standard password.  If you don't know it, look at the "about" page of this website.
