2014-07-29 - PHISHING EMAIL - SUBJECT: INVOICE (#9849839)

ASSOCIATED FILES:

 

NOTES:

 

TODAY'S PHISHING EMAIL

SCREENSHOT:

 

MESSAGE TEXT:

Subject: Invoice (#9849839)
Resent-Date: Tue, 29 Jul 2014 00:12:10 +0000 (UTC)
Resent-From: debian-devel@lists.debian.org
Date: Tue, 29 Jul 2014 00:03:08 +0100
From: Invoice™ <hr@vehicle-engineering.org>
To: debian-devel <debian-devel@lists.debian.org>


See Attache for Invoice

 

SOME OF THE HEADER INFORMATION:

 

PRELIMINARY MALWARE ANALYSIS

FILE ATTACHMENT:

File name:  Invoice#.doc
File size:  57.5 KB ( 58880 bytes )
MD5 hash:  5f6fe4c41ea8f2a4df433148876335c4
Detection ratio:  10 / 54
First submission:  2014-07-10 09:39:57 UTC
VirusTotal link:  https://www.virustotal.com/en/file/7ca98c64631632e6ae48187c7adb43c148e55c7e11c38a1bfe2b270a3632b5a9/analysis/
Malwr link:  https://malwr.com/analysis/ZjYyN2Q3M2Y4MDMzNDM0NDk0MWU0NzZhYzU1ZmM5YzE/

 

FILE DROPPED ON SANDBOX VM:

File name:  svhost.exe
File size:  265.5 KB ( 271872 bytes )
MD5 hash:  3a38fb10925a8f259529dd93ec355dbf
Detection ratio:  30 / 54
First submission:  2014-07-20 06:10:11 UTC
VirusTotal link:  https://www.virustotal.com/en/file/4993cdb04d90b27091d1366322fdc7fa018f0b3ed0287072a5ec0c68dec46cee/analysis/

 

TRAFFIC FROM THE SANDBOX ANALYSIS

MALICIOUS WORD DOCUMENT:

 

DROPPED MALWARE:

 

FINAL NOTES

Once again, here are the associated files:

ZIP files are password-protected with the standard password.  If you don't know it, look at the "about" page of this website.
