2014-11-05 - PHISHING EMAIL - SUBJECT: INVOICES AND PAYMENT COPY ATTACHED

ASSOCIATED FILES:

THE PHISHING EMAIL

SCREENSHOT:

MESSAGE TEXT:

From: KLUBER LUBRICATION PVT <felixbrown@dr.com>
Reply-To: <kb2237@gmail.com>
Date: Wednesday, November 5, 2014 at 7:36 UTC
Subject: invoices and payment copy attached

Kind Attn Sir,
Please find the below mentioned / attached invoice details for your reference and kindly confirm the below status:

1. Have you received the invoice & confirm that all the material has been reached to safely.
2. If received have all the work has been completed or not.
3. If completed, have you booked for payment.

KLUBER LUBRICATION CHINA PVT LTD
PLOT NO 347-A, HEBBAL INDUSTRIAL AREA P.O METAGALLI MYSORE 570 016

SUB TOTAL
$8,195.15

Note : Please reply if there is any issue regarding material or Invoice
within 3 working days or by telephone so that we can clarify if any problem
is there.

Kindly treat this matter on priority & reply.

With Kind Regards...

Mahalakshmi Sharma
Customer Relationship Management

Attachment: image001N.rar (391.2 KB)
Attachment: image002D.rar (617.2 KB)

PRELIMINARY MALWARE ANALYSIS

EMAIL ATTACHMENT (1 OF 2):

File name:  image001N.rar
File size:  235.5 KB ( 241152 bytes )
MD5 hash:  bb8b6562d6723b04117762e375f3fd2b
Detection ratio:  12 / 54
First submission:  2014-11-06 00:03:34 UTC
VirusTotal link:  https://www.virustotal.com/en/file/b6fcd12cc7b7fa34ea05cdec9c1a900cee67b6b7f388fb79af3794d2b0f8c1e3/analysis/

EMAIL ATTACHMENT (2 OF 2):

File name:  image002D.rar
File size:  455.3 KB ( 466219 bytes )
MD5 hash:  8b91108cac0f3fd8e5074a4a5d956892
Detection ratio:  11 / 54
First submission:  2014-11-06 01:42:51 UTC
VirusTotal link:  https://www.virustotal.com/en/file/9d7d4da3ed6bd33ea47d8bddd6efdb4122f2ea4db87263123af976c9c8392cdd/analysis/

EXTRACTED MALWARE (1 OF 2):

File name:  image001N.exe
File size:  311.5 KB ( 318976 bytes )
MD5 hash:  67a45ddff62095ac322e9d13440b7bea
Detection ratio:  14 / 53
First submission:  2014-11-06 00:04:08 UTC
VirusTotal link:  https://www.virustotal.com/en/file/01990ff9ab5b033e86ac3081446d7530c41a512dc601deff03cf5bf49297423a/analysis/
Malwr.com link:  https://malwr.com/analysis/YmJiNGNiODVjODU0NDcxMWJiMTc0YTlhZDI3OTdjNTg/

EXTRACTED MALWARE (2 OF 2):

File name:  image002D.exe
File size:  528.0 KB ( 540672 bytes )
MD5 hash:  0eeb7af2a25b77dc51ff024624d18f74
Detection ratio:  13 / 53
First submission:  2014-11-06 00:03:43 UTC
VirusTotal link:  https://www.virustotal.com/en/file/65db309e1552c021334bd0b3ac0acb31a17932b84501c854a38e50b6b4ca954e/analysis/
Malwr.com link:  https://malwr.com/analysis/NTg3YjU5OWRmNzllNDdkYTljNjljY2Q3ZDAzODJjYjk/

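An added triage script (not part of the original post) that checks an .eml's attachments against the indicators listed above: the MD5 hashes, file names and sizes are taken from this page, the sample message embedded in the script is constructed, and the image-named-archive heuristic is an assumption drawn from the lure pattern this email uses.

```python
# Added example (not from the original post): triage an .eml against the
# indicators listed on this page. The sample message below is constructed,
# so its attachment only trips the name heuristic, not the hash match.
import hashlib
import re
from email import message_from_bytes, policy

# Indicators taken from the analysis section of this page (MD5 -> name, size).
KNOWN_BAD = {
    "bb8b6562d6723b04117762e375f3fd2b": ("image001N.rar", 241152),
    "8b91108cac0f3fd8e5074a4a5d956892": ("image002D.rar", 466219),
    "67a45ddff62095ac322e9d13440b7bea": ("image001N.exe", 318976),
    "0eeb7af2a25b77dc51ff024624d18f74": ("image002D.exe", 540672),
}

# An archive or executable named like a picture ("image001N.rar") is the
# lure pattern this email uses; flag it even when the hash is unknown.
IMAGE_NAMED_PAYLOAD = re.compile(r"^image\d+[A-Za-z]?\.(rar|zip|exe|scr)$", re.I)

def triage_attachment(name, data):
    """Return findings for one attachment: MD5, size, hash hit, name heuristic."""
    md5 = hashlib.md5(data).hexdigest()
    return {
        "name": name,
        "size": len(data),
        "md5": md5,
        "known_bad": KNOWN_BAD.get(md5),
        "image_named_payload": bool(IMAGE_NAMED_PAYLOAD.match(name or "")),
    }

def triage_eml(raw):
    """Parse an RFC 822 message and triage every attachment it carries."""
    msg = message_from_bytes(raw, policy=policy.default)
    return [triage_attachment(p.get_filename(), p.get_payload(decode=True))
            for p in msg.iter_attachments()]

# Constructed sample: same sender, subject and attachment name as the real
# email, with four placeholder bytes ("Rar!") instead of the real archive.
SAMPLE_EML = (
    b"From: KLUBER LUBRICATION PVT <felixbrown@dr.com>\r\n"
    b"Subject: invoices and payment copy attached\r\n"
    b'Content-Type: multipart/mixed; boundary="b1"\r\n\r\n'
    b"--b1\r\nContent-Type: text/plain\r\n\r\nKind Attn Sir,\r\n"
    b'--b1\r\nContent-Type: application/octet-stream; name="image001N.rar"\r\n'
    b'Content-Disposition: attachment; filename="image001N.rar"\r\n'
    b"Content-Transfer-Encoding: base64\r\n\r\nUmFyIQ==\r\n"
    b"--b1--\r\n"
)
```

Run `triage_eml(open("message.eml", "rb").read())` on a real message; a `known_bad` hit means the attachment's MD5 matches one of the four samples above.
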
INFECTION TRAFFIC

TRAFFIC FROM MALWR.COM ANALYSIS OF IMAGE001N.EXE:

TRAFFIC FROM MALWR.COM ANALYSIS OF IMAGE002D.EXE:

FINAL NOTES

Once again, here are the associated files:

ZIP files are password-protected with the standard password.  If you don't know it, look at the "about" page of this website.