Friday, 26 December 2014

Emma Jones - sakaitrading: rtf document and rar malware (+1412718912)

A single email arrived today, with a couple of interesting attachments...

From: "Sakai Trading Inc" e.jones@sakaitrading.com
Date: Fri, 26 Dec 2014 04:40:27 +0000
Subject: Fw: 2x40ft containers New York Long Beach

Hello

Please find attached and quote for us your best price to New York Long Beach. We need to know the exact mass production time needed after paying the deposit payment and also the aprox delivery time to New York Long Beach by sea. What are your payment terms? Can you accept LC at sight or cash against document payment?
Also we need to know if we can visit your place after new year so we can take a look on the production process there.

Thank you
Regards
Emma Jones
Sakai Trading Company Inc
3300 Polo Place, Bronx, New York, 10453, USA
Tel: +1412718912
Fax: +4127118910


Attached to the above email are two files...

2x40ft containers New York Long Beach USA.doc and 2x40ft containers New York Long Beach USA.rar.

2x40ft containers New York Long Beach USA.rar contains a .pif executable inside a folder:

2x40ft containers New York Long Beach USA\2x40ft containers New York Long Beach USA.pif

It is reported on VirusTotal as:

[Hash: fc6d66e5bf18b5f55aa847f08a32a25] (3/56) and contains Trojan[Backdoor]/Win32.Androm
Malwr Report [here]

The 2x40ft containers New York Long Beach USA.doc file is reported on VirusTotal as:

[Hash: aa76b4d979ebf24437a4335a11dba98] (13/56) and contains Exploit.RTF.CVE-2012-0158
Malwr Report [here] shows that it steals information from browsers
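
A triage check for the two attachment traits described above (an RTF file carrying a .doc name, and a .pif inside the RAR), as an added example that is not part of the original post. The function names, extension lists and sample bytes are constructed for illustration, and the archive member names are assumed to come from whatever archive lister the mail gateway already uses.

```python
import os

# Well-known leading bytes for the file types relevant to this email.
MAGICS = [
    (b"{\\rtf", "rtf"),
    (b"Rar!\x1a\x07", "rar"),
    (b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1", "ole2"),  # legacy binary .doc/.xls
    (b"PK\x03\x04", "zip"),                         # also .docx
    (b"MZ", "pe"),
]
# Content types each extension is expected to carry (illustrative list).
EXPECTED = {".doc": {"ole2"}, ".rtf": {"rtf"}, ".rar": {"rar"},
            ".zip": {"zip"}, ".docx": {"zip"}}
# Extensions Windows runs as programs (illustrative list).
EXECUTABLE_EXTS = {".pif", ".exe", ".scr", ".com", ".bat", ".cmd"}


def sniff(data):
    """Return a content type based on the first bytes, or 'unknown'."""
    for magic, kind in MAGICS:
        if data.startswith(magic):
            return kind
    return "unknown"


def triage(filename, data, member_names=()):
    """Return a list of findings for one attachment.

    member_names: paths inside the archive, supplied by the caller.
    """
    findings = []
    ext = os.path.splitext(filename)[1].lower()
    kind = sniff(data)
    if ext in EXPECTED and kind not in EXPECTED[ext]:
        findings.append(f"{ext} extension but content is {kind}")
    if ext in EXECUTABLE_EXTS or kind == "pe":
        findings.append("executable attachment")
    for name in member_names:
        # Archive listings may use either path separator.
        base = name.replace("\\", "/").rsplit("/", 1)[-1]
        if os.path.splitext(base)[1].lower() in EXECUTABLE_EXTS:
            findings.append(f"archive member is executable: {base}")
    return findings
```

An RTF file saved with a .doc name is not malicious by itself, so treat the mismatch as a reason to scan or quarantine rather than as a verdict.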
 
Cheers,

Steve
Sanesecurity.com
