2014-08-08 - PHISHING EMAIL - SUBJECT: RE: PURCHASE ORDER

ASSOCIATED FILES:


THE PHISHING EMAIL

SCREENSHOT:


MESSAGE TEXT:

From: Japan Manufatural Company <manufacturalsales@gmail.com>
Reply-To: <manufacturalsales@gmail.com>
Date: Friday, August 8, 2014 at 1:32 UTC
Subject: RE: PURCHASE ORDER

Sir.Kindly check my purchase order on the attach file and get back to us immedialey for the payment to be made.

Best Regard,

JAPAN NEPOL STEEL COMPANY

Fujitsu Kosugi Building 1812-10 Shimonumabe,
Nakahara-ku. Kawasaki-shi,
Kanagawa Japan.

Tel.: +81 - 813-678-9902
Email:manufacturalsales@gmail.com

Attachment: PURCHASE ORDER.rar (272 KB)


PRELIMINARY MALWARE ANALYSIS

EMAIL ATTACHMENT:

File name:  PURCHASE ORDER.rar
File size:  200.7 KB ( 205490 bytes )
MD5 hash:  2d62935b885a4cbef5db682dbf2614c3
Detection ratio:  24 / 54
First submission:  2014-08-08 04:30:57 UTC
VirusTotal link:  https://www.virustotal.com/en/file/b1e9aaac9a35faea36d82dc2d4d060e424b652751251523166ede7d1537e351d/analysis/


EXTRACTED MALWARE:

File name:  rach.exe
File size:  217.3 KB ( 222502 bytes )
MD5 hash:  ba3888f22e448fd79b220106155d2b66
Detection ratio:  27 / 53
First submission:  2014-08-08 07:09:49 UTC
VirusTotal link:  https://www.virustotal.com/en/file/0ef66e8730340315b1f821e096c4ef6aeda02c89cef3d5ddc09c3804287684bb/analysis/
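As an added triage example (not part of the original post, and not the tooling used to produce the numbers above), the script below automates the two things this section does by hand: pull the indicators out of the message itself (free-webmail sender behind a corporate display name, Reply-To handling, lure wording, archive attachment, file-type magic versus extension) and hash the attachment so it can be matched against the MD5/SHA-256 values listed here. The message it builds is reconstructed from the headers and body text shown on this page; the attachment bytes are a constructed placeholder (a RAR4 signature plus padding), not the real PURCHASE ORDER.rar, so the hashes it prints will not match the ones above. Keyword lists and flag names are my own choices.

```python
"""Phishing-email triage: header/lure indicators plus attachment hashes.

Added example. The sample message is reconstructed from the page; the
attachment bytes are CONSTRUCTED and are not the real PURCHASE ORDER.rar.
"""
import hashlib
from email import policy
from email.message import EmailMessage
from email.parser import BytesParser
from email.utils import parseaddr

FREEMAIL_DOMAINS = {"gmail.com", "yahoo.com", "hotmail.com", "outlook.com"}
ARCHIVE_EXTS = (".rar", ".zip", ".7z", ".ace", ".iso", ".img")
# First bytes of common container/executable formats (assumed set, extend as needed).
MAGIC = {b"Rar!\x1a\x07": "rar", b"PK\x03\x04": "zip", b"MZ": "pe"}
EXPECTED_EXT = {"rar": ".rar", "zip": ".zip", "pe": ".exe"}
LURE_WORDS = ("kindly", "payment", "purchase order", "immediate", "urgent")

# Constructed stand-in attachment: RAR4 signature + padding. NOT the real sample.
FAKE_RAR = b"Rar!\x1a\x07\x00" + b"\x00" * 64


def build_sample_message() -> bytes:
    """Rebuild the phishing email from the headers/body shown on the page."""
    msg = EmailMessage()
    msg["From"] = "Japan Manufatural Company <manufacturalsales@gmail.com>"
    msg["Reply-To"] = "<manufacturalsales@gmail.com>"
    msg["Subject"] = "RE: PURCHASE ORDER"
    msg.set_content(
        "Sir.Kindly check my purchase order on the attach file\n"
        "and get back to us immedialey for the payment to be made.\n"
    )
    msg.add_attachment(FAKE_RAR, maintype="application",
                       subtype="x-rar-compressed", filename="PURCHASE ORDER.rar")
    return msg.as_bytes()


def sniff_type(data: bytes) -> str:
    """Identify a blob by its leading bytes, ignoring the claimed extension."""
    for magic, name in MAGIC.items():
        if data.startswith(magic):
            return name
    return "unknown"


def triage(raw: bytes) -> dict:
    """Return sender, subject, indicator flags and per-attachment hashes."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    display, addr = parseaddr(str(msg.get("From", "")))
    domain = addr.rpartition("@")[2].lower()
    body = msg.get_body(preferencelist=("plain",))
    text = body.get_content().lower() if body else ""
    flags = []

    # A "company" writing from a free webmail account is the first tell.
    if display and domain in FREEMAIL_DOMAINS:
        flags.append("freemail_sender_with_corporate_display_name")
    # Reply-To pointing somewhere else is a separate indicator (absent here).
    reply_to = parseaddr(str(msg.get("Reply-To", "")))[1]
    if reply_to and reply_to.lower() != addr.lower():
        flags.append("reply_to_differs_from_from")
    hits = [w for w in LURE_WORDS if w in text]
    if hits:
        flags.append("lure_keywords:" + ",".join(hits))

    attachments = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        data = part.get_payload(decode=True) or b""
        kind = sniff_type(data)
        if name.lower().endswith(ARCHIVE_EXTS):
            flags.append("archive_attachment:" + name)
        # Extension that does not match the bytes (e.g. an EXE named .rar).
        if kind in EXPECTED_EXT and not name.lower().endswith(EXPECTED_EXT[kind]):
            flags.append("extension_mismatch:" + name)
        attachments.append({
            "filename": name,
            "size": len(data),
            "magic": kind,
            "md5": hashlib.md5(data).hexdigest(),       # what the page lists
            "sha256": hashlib.sha256(data).hexdigest(), # what the VT URLs key on
        })
    return {"from": addr, "subject": str(msg.get("Subject", "")),
            "flags": flags, "attachments": attachments}


if __name__ == "__main__":
    result = triage(build_sample_message())
    for flag in result["flags"]:
        print("FLAG", flag)
    for att in result["attachments"]:
        print(att["filename"], att["size"], att["magic"], att["md5"], att["sha256"])
```

To use it on a real message, read the saved .eml as bytes and pass it to triage(); compare the printed MD5 with the value listed for the attachment, and compare the SHA-256 with the identifier in the VirusTotal URL. Never open the extracted rach.exe outside a sandbox; the script only hashes bytes, it does not execute anything.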


INFECTION TRAFFIC

TRAFFIC FROM SANDBOX ANALYSIS OF THE MALWARE:


SNORT EVENTS FROM SANDBOX ANALYSIS TRAFFIC

Emerging Threats and ETPRO rulesets from Sguil on Security Onion (without ET POLICY or ET INFO events):


FINAL NOTES

Once again, here are the associated files:

ZIP files are password-protected with the standard password.  If you don't know it, look at the "about" page of this website.