2014-08-09 - PHISHING EMAIL - SUBJECT: NEW REQUEST FOR AN OFFER

ASSOCIATED FILES:

 

THE PHISHING EMAIL

SCREENSHOT:

 

MESSAGE TEXT:

From: Aisha Nadiath <sales@newmanflanqe.com>
Date: Friday, August 8, 2014 at 8:33 UTC
Subject: New Request for an offer

Dear Sir,

We are participating in an on going bid.

Please quote us the Offer products at a reasonable prices as mentioned in this tender document.

Thanks and Best Regards,

Aisha Nadiath
Purchase Manager
Overseas New Manflange Co. Ltd.

Attachment: Tender-013.zip (291.9 KB)

 

PRELIMINARY MALWARE ANALYSIS

EMAIL ATTACHMENT:

File name:  Tender-013.zip
File size:  215.3 KB ( 220501 bytes )
MD5 hash:  95515c7fbe05c1e5faafe8fe55cec57f
SHA256 hash:  a00b4365b5716c5f2b9f5d62d5c9fd3e7f880089a16f91224ed03df03c1a0c39
Detection ratio:  14 / 54
First submission:  2014-08-08 06:25:07 UTC
VirusTotal link:  https://www.virustotal.com/en/file/a00b4365b5716c5f2b9f5d62d5c9fd3e7f880089a16f91224ed03df03c1a0c39/analysis/

Note: the 291.9 KB shown in the email is the client-reported attachment size, not the size of the saved zip (220501 bytes).  Mail clients commonly report the base64-encoded transfer size, roughly 4/3 of the decoded file, which would put it near 294 KB and is consistent with what the message shows.  Also note that the first VirusTotal submission (06:25 UTC) predates this email's 8:33 UTC timestamp by about two hours, so the same attachment was already circulating before this copy arrived.

 

EXTRACTED MALWARE:

File name:  Tender-013.exe
File size:  366.5 KB ( 375296 bytes )
MD5 hash:  17ecbfa39ec3e5f5ba93fdd9d0885fde
SHA256 hash:  313b7051761561bc585bc7fe3689ae283f28f2ea54ccceaaffadacf18acc887e
Detection ratio:  15 / 53
First submission:  2014-08-08 08:27:47 UTC
VirusTotal link:  https://www.virustotal.com/en/file/313b7051761561bc585bc7fe3689ae283f28f2ea54ccceaaffadacf18acc887e/analysis/
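As an added example (not code from the original post), the kind of offline triage script used to get the hashes above: it inventories a zip attachment without running anything in it, flags members that are PE files or carry executable extensions, hashes each member, and checks the hashes against the two MD5s listed on this page.  The sample zip it builds is constructed in code, so its hashes will not match the real Tender-013 files; the extension list and the per-member size limit are assumptions, not values from the page.

```python
import hashlib
import io
import os
import zipfile

# MD5 hashes listed on this page for the attachment and its extracted executable.
KNOWN_BAD_MD5 = {
    "95515c7fbe05c1e5faafe8fe55cec57f": "Tender-013.zip",
    "17ecbfa39ec3e5f5ba93fdd9d0885fde": "Tender-013.exe",
}

# Extensions Windows will execute directly on double-click (assumed list).
EXECUTABLE_EXTENSIONS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd",
                         ".js", ".jse", ".vbs", ".vbe", ".wsf", ".hta", ".jar"}

# Refuse to inflate any single member beyond this (zip-bomb guard); assumed limit.
MAX_MEMBER_BYTES = 50 * 1024 * 1024


def hash_bytes(data):
    return {"md5": hashlib.md5(data).hexdigest(),
            "sha256": hashlib.sha256(data).hexdigest()}


def is_known_bad(md5):
    """Return the page's file name for a listed MD5, else None."""
    return KNOWN_BAD_MD5.get(md5.lower())


def triage_zip(zip_bytes, password=None):
    """Inventory a zip attachment without executing anything inside it."""
    container = hash_bytes(zip_bytes)
    container["size"] = len(zip_bytes)
    container["known_bad"] = is_known_bad(container["md5"])
    members = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            if info.file_size > MAX_MEMBER_BYTES:
                members.append({"name": info.filename, "skipped": "too large"})
                continue
            data = zf.read(info, pwd=password)
            lowered = info.filename.lower()
            ext = os.path.splitext(lowered)[1]
            member = {
                "name": info.filename,
                "size": info.file_size,
                # PE files start with the "MZ" DOS header whatever the extension says.
                "is_pe": data[:2] == b"MZ",
                "executable_ext": ext in EXECUTABLE_EXTENSIONS,
                # e.g. "Tender-013.pdf.exe": an executable disguised as a document.
                "double_ext": lowered.count(".") >= 2 and ext in EXECUTABLE_EXTENSIONS,
                **hash_bytes(data),
            }
            member["known_bad"] = is_known_bad(member["md5"])
            member["suspicious"] = member["is_pe"] or member["executable_ext"]
            members.append(member)
    return {"container": container, "members": members}


def build_sample_attachment():
    """Constructed stand-in for Tender-013.zip: a stub with a PE header plus a
    text decoy.  This is NOT the real sample; its hashes will not match the page."""
    pe_stub = b"MZ" + b"\x00" * 62 + b"PE\x00\x00" + b"\x00" * 64
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("Tender-013.exe", pe_stub)
        zf.writestr("README.txt", b"tender document\n")
    return buf.getvalue()


if __name__ == "__main__":
    report = triage_zip(build_sample_attachment())
    print("container md5:", report["container"]["md5"],
          "known:", report["container"]["known_bad"])
    for m in report["members"]:
        print(m["name"], "md5=" + m["md5"], "pe=%s" % m["is_pe"],
              "suspicious=%s" % m["suspicious"])
```

Run it against a real attachment with `triage_zip(open("Tender-013.zip", "rb").read())`; a hit on `known_bad` for either the container or a member means the file matches this page's sample, and `is_pe` catches an executable even when it has been renamed to a document extension.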

 

INFECTION TRAFFIC

FROM RUNNING THE MALWARE IN A VM:

 

SNORT EVENTS FROM RUNNING THE MALWARE IN A VM

Emerging Threats and ETPRO rulesets from Sguil on Security Onion (without ET POLICY or ET INFO events):
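The Snort output here is shown with ET POLICY and ET INFO events dropped.  As an added example (not code from the original post, Security Onion or Sguil), here is a parser for Snort's fast-alert format that applies that same filter and collapses repeated hits by SID; as a generalization it also drops the ETPRO POLICY and ETPRO INFO categories.  The alert lines are constructed, with SIDs in the local 1000000 range and made-up message text; they are not the page's actual events.

```python
import re
from collections import Counter

# Snort "fast" alert format, one event per line.
ALERT_RE = re.compile(
    r"^(?P<ts>\d{2}/\d{2}-\d{2}:\d{2}:\d{2}\.\d+)\s+\[\*\*\]\s+"
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.+?)\s+\[\*\*\]\s+"
    r"(?:\[Classification:\s+(?P<classification>[^\]]+)\]\s+)?"
    r"\[Priority:\s+(?P<priority>\d+)\]\s+\{(?P<proto>\w+)\}\s+"
    r"(?P<src>\S+)\s+->\s+(?P<dst>\S+)\s*$"
)

# Categories the page excludes; the ETPRO equivalents are added as a generalization.
NOISY_CATEGORIES = {"ET POLICY", "ET INFO", "ETPRO POLICY", "ETPRO INFO"}


def parse_alert(line):
    """Parse one fast-format line into a dict, or return None if it is not an alert."""
    m = ALERT_RE.match(line.strip())
    if not m:
        return None
    alert = m.groupdict()
    alert["sid"] = int(alert["sid"])
    alert["priority"] = int(alert["priority"])
    # ET message convention: "<ruleset> <CATEGORY> <description>", e.g. "ET TROJAN ...".
    parts = alert["msg"].split(" ", 2)
    alert["category"] = " ".join(parts[:2]) if parts[0] in ("ET", "ETPRO") else "OTHER"
    return alert


def filter_alerts(lines, drop=NOISY_CATEGORIES):
    """Return (kept alerts, unparsed lines), dropping the noisy categories."""
    kept, unparsed = [], []
    for line in lines:
        if not line.strip():
            continue
        alert = parse_alert(line)
        if alert is None:
            unparsed.append(line)
        elif alert["category"] not in drop:
            kept.append(alert)
    return kept, unparsed


def summarize(alerts):
    """Count alerts by (sid, msg) so a repeating beacon collapses to one row."""
    return Counter((a["sid"], a["msg"]) for a in alerts)


# Constructed sample alerts (local-range SIDs, invented descriptions), not real events.
SAMPLE_ALERTS = """\
08/08-08:40:01.000123  [**] [1:1000001:2] ET INFO Constructed: executable download [**] [Classification: Misc activity] [Priority: 3] {TCP} 10.0.0.5:49152 -> 203.0.113.10:80
08/08-08:40:02.000456  [**] [1:1000002:1] ET POLICY Constructed: HTTP to IP address [**] [Classification: Potential Corporate Privacy Violation] [Priority: 2] {TCP} 10.0.0.5:49153 -> 203.0.113.10:80
08/08-08:40:05.000789  [**] [1:1000003:4] ET TROJAN Constructed: CnC check-in [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 10.0.0.5:49154 -> 198.51.100.7:8080
08/08-08:41:05.000001  [**] [1:1000003:4] ET TROJAN Constructed: CnC check-in [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 10.0.0.5:49155 -> 198.51.100.7:8080
08/08-08:41:09.000002  [**] [1:1000004:1] ETPRO INFO Constructed: suspicious user-agent [**] [Classification: Misc activity] [Priority: 3] {TCP} 10.0.0.5:49156 -> 203.0.113.10:80
this line is not an alert
"""

if __name__ == "__main__":
    kept, unparsed = filter_alerts(SAMPLE_ALERTS.splitlines())
    for (sid, msg), count in summarize(kept).most_common():
        print("%5d x  [%d] %s" % (count, sid, msg))
    print("unparsed lines:", len(unparsed))
```

Point it at a real Snort alert file with `filter_alerts(open("/path/to/alert").read().splitlines())`.  Keep the unparsed list: a line that fails the regex is usually a multi-line or differently formatted event, not noise, and silently dropping it would hide exactly the kind of unusual alert worth looking at.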

 

FINAL NOTES

Once again, here are the associated files:

ZIP files are password-protected with the standard password.  If you don't know it, look at the "about" page of this website.
