2014-08-29 - PHISHING EMAIL - SUBJECT: NEW ORDER BY AIR

ASSOCIATED FILES:

 

PHISHING EMAIL

SCREENSHOT:

 

MESSAGE TEXT:

From: Mohammed Oseni <purchaseimt@metaltech.in>
Organization: Crystal plake LLC
Date: Friday, August 29, 2014 at 4:40 UTC
To: [redacted]
Subject: NEW ORDER BY AIR

Hello,

Kindly find attach the Purchase Order Requirement in our own label, we want to sale this product in the Europe market and Singapore please kindly give us best price as we are going to be making huge order we need your OEM FOB and all necessary information to place this order, all of our requirement is in the purchase order attached below kindly download it sign in your company e-mail to view our order and send us PI immediately for 3 container.

Awaiting your earliest response,

Rosy Liu Sales Manager

www.kaliho.com

GSM:008613826519475

Attachment: Product Catalogue.rar (227.4 KB)

 

PRELIMINARY MALWARE ANALYSIS

EMAIL ATTACHMENT:

File name:  Product Catalogue.rar
File size:  168.3 KB ( 172350 bytes )
MD5 hash:  04a38cfb7b4089ec1e4359ee80f0ad32
Detection ratio:  7 / 53
First submission:  2014-08-29 21:00:43 UTC
VirusTotal link:  https://www.virustotal.com/en/file/156a10e5202046335fe52448a1c940ca8146fdb4fd794f158638e9532ef333f1/analysis/

 

File name:  Product Catalogue.exe
File size:  235.5 KB ( 241152 bytes )
MD5 hash:  67c889191607286138d9e5bc199b526a
Detection ratio:  9 / 53
First submission:  2014-08-29 05:10:09 UTC
VirusTotal link:  https://www.virustotal.com/en/file/7ff4a1e496b4aa4de8fd3c74d83f7cdb82a9683b9e091cc8d9508030d2153d02/analysis/
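As an added illustration (not part of the original write-up or its associated files), the kind of triage a mail gateway or analyst script could run on this message: a reproduction of the email above is built inline, then scored for the traits visible in it, namely a sending domain (metaltech.in) that never appears in the signature (www.kaliho.com), an archive attachment detected by extension or by RAR magic bytes, and a "download it, sign in ... to view" lure. The recipient address and the RAR payload bytes are constructed stubs, not the real sample.

```python
import os
import re
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import parseaddr

ARCHIVE_EXT = {".rar", ".zip", ".7z", ".ace", ".iso"}
RAR_MAGIC = b"Rar!\x1a\x07"          # common prefix of the RAR4 and RAR5 signatures
LURE_PHRASES = ("sign in", "download it", "to view")

def build_sample() -> bytes:
    """Constructed reproduction of the message above; the payload is a stub."""
    msg = EmailMessage()
    msg["From"] = "Mohammed Oseni <purchaseimt@metaltech.in>"
    msg["Organization"] = "Crystal plake LLC"
    msg["To"] = "victim@example.invalid"          # placeholder recipient
    msg["Subject"] = "NEW ORDER BY AIR"
    msg.set_content(
        "Kindly find attach the Purchase Order Requirement in our own label, "
        "kindly download it sign in your company e-mail to view our order "
        "and send us PI immediately for 3 container.\n\n"
        "Rosy Liu Sales Manager\nwww.kaliho.com\nGSM:008613826519475\n")
    msg.add_attachment(RAR_MAGIC + b"\x00" * 24, maintype="application",
                       subtype="x-rar-compressed", filename="Product Catalogue.rar")
    return bytes(msg)

def triage(raw: bytes) -> dict:
    """Score one raw RFC 822 message for the traits this phishing sample shows."""
    msg = message_from_bytes(raw, policy=policy.default)
    sender_domain = parseaddr(msg["From"])[1].rsplit("@", 1)[-1].lower()
    body = msg.get_body(preferencelist=("plain",)).get_content().lower()
    # Web sites named in the body/signature; for a genuine enquiry they normally match the sender
    sig_domains = set(re.findall(r"www\.([a-z0-9.-]+\.[a-z]{2,})", body))
    archives = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        data = part.get_payload(decode=True) or b""
        # Check both extension and magic bytes, so a renamed .rar is still caught
        if os.path.splitext(name)[1].lower() in ARCHIVE_EXT or data.startswith(RAR_MAGIC):
            archives.append(name)
    findings = {
        "domain_mismatch": bool(sig_domains) and sender_domain not in sig_domains,
        "archive_attachments": archives,
        "lure_phrases": [p for p in LURE_PHRASES if p in body],
    }
    findings["score"] = sum(bool(v) for v in findings.values())   # 0..3 flags raised
    return findings
```

Running `triage(build_sample())` raises all three flags; a score of 2 or more is a reasonable threshold for quarantining the archive for sandbox detonation rather than delivering it.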

 

INFECTION TRAFFIC

FROM SANDBOX ANALYSIS OF THE MALWARE:

 

SNORT EVENTS FROM SANDBOX ANALYSIS

Emerging Threats and ETPRO rulesets from Sguil on Security Onion (without ET POLICY or ET INFO events):

Sourcefire VRT ruleset from Snort 2.9.6.2 on Debian 7:

 

FINAL NOTES

Once again, here are the associated files:

ZIP files are password-protected with the standard password.  If you don't know it, look at the "about" page of this website.
