
SANS ISC: More File Selection Gaffes SANS ISC InfoSec Forums

More File Selection Gaffes

A reader submitted a file that turned out to be a mass mailer project file used by malicious actors.

This malicious actor was not the only one mistakenly sending out their mass mailer project file: I found many other files.

What follows is an overview of various fake email templates defined in these mass mailer project files. Some of them are very basic, while others look exactly like legitimate emails.

I highlighted mailing variables ([[-Email-]], [[-Domain-]]) used in these templates.

 

Didier Stevens
Senior handler
Microsoft MVP
blog.DidierStevens.com DidierStevensLabs.com

DidierStevens

Oct 31st 2020
Here are the SHA256 hashes of the MMP files I found on VirusTotal:
