Thursday, 19 February 2015

DHL Delivery Notification Original_Document

Fake DHL Delivery Notification email with an Original_Document zip attachment.

Message Header:
From: "DHL"{accounts@oct-paper.com}
Subject: DHL Delivery Notification
Message Body:
Dear customer,

We attempted to deliver your item at 10:10 AM on Feb 17th,2015. (Read enclosed file detail)
The delivery attempt failed because nobody was present at the shipping address, so this notify has been automatically sent.
If the parcel is not scheduled for redelivery or picked up within 72 hours, it will be returned to the sender.

Label Number:  DHL7567351D
Expected Delivery Date:  Feb 17th , 2015
Class:  Package Services
Service(s):  Delivery Confirmation
Status:  eNotification sent

Read the enclosed file for details.

DHL Customer Service.

2015 © DHL International GmbH. All rights reserved.
----------------------------------------------------------------------
This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.


Attachment filename:
Original_Document_00116398173-pdf.zip

Inside the zip file is a Windows executable (note the double extension: "-pdf" followed by the real ".exe"):
Original_Document_00116398173-pdf.exe
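
One way a mail gateway or triage script could flag this attachment pattern, as an added example that is not part of the original post: it opens each zip attachment and reports members whose real extension is executable while the name ends in a document-type lure such as "-pdf". The extension lists and function names are assumptions, and the sample message is constructed with placeholder bytes.

```python
import io
import re
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extensions Windows runs on double-click (assumed list, illustrative only).
EXEC_EXT = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".js", ".vbs"}
# Document type placed just before the real extension: "-pdf.exe", "_doc.scr".
DOC_LURE = re.compile(r"[-_. ](pdf|docx?|xlsx?|jpe?g|txt)$", re.I)

def disguised_members(zip_bytes):
    """Return names of archive members that are executables posing as documents."""
    hits = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for name in zf.namelist():
            stem, dot, ext = name.rpartition(".")
            if dot and "." + ext.lower() in EXEC_EXT and DOC_LURE.search(stem):
                hits.append(name)
    return hits

def scan_message(raw):
    """Map each zip attachment filename to its disguised executable members."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = {}
    for part in msg.iter_attachments():
        fname = part.get_filename() or ""
        if fname.lower().endswith(".zip"):
            try:
                hits = disguised_members(part.get_content())
            except zipfile.BadZipFile:
                hits = ["<unreadable archive>"]
            if hits:
                findings[fname] = hits
    return findings

def build_sample():
    """Constructed sample: placeholder bytes under the filenames from the post."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Original_Document_00116398173-pdf.exe", b"placeholder")
    msg = EmailMessage()
    msg.set_content("Read the enclosed file for details.")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip",
                       filename="Original_Document_00116398173-pdf.zip")
    return msg.as_bytes()

if __name__ == "__main__":
    print(scan_message(build_sample()))
```
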

MD5 Hashes:
0cad854d4fdbf2e2b6ce6f713f438a5d  [1]

Malware information:

VirusTotal Report [1] (hits 24/57 Virus Scanners)

Malwr Report [1]

Summary:
  • Executed a process and injected code into it, probably while unpacking
  • Steals private information from local Internet browsers
  • Contacts C&C server HTTP check-in (Banking Trojan)
  • Harvests credentials from local FTP client softwares
  • Installs itself for autorun at Windows startup

Hybrid-Analysis Report [1]

Cheers,
Steve

1 comment:

Mian Khalid said...

From: info@smtp.com
> To: DHL@deliverhouse.com
> Subject: Delivery No.- DHL7567351D/03-015
> Date: Mon, 9 Mar 2015 11:19:16 +0100
>
> Dear customer,
>
> We attempted to deliver your item at 10:10 AM on March 7th,2015. (Read enclosed file detail)
> The delivery attempt failed because nobody was present at the shipping address, so this notify has been automatically sent.
> If the parcel is not scheduled for redelivery or picked up within 72 hours, it will be returned to the sender.
>
> Label Number: DHL7567351D
> Expected Delivery Date: March 7th , 2015
> Class: Package Services
> Service(s): Delivery Confirmation
> Status: eNotification sent
>
> Read the enclosed file for details.
>
> DHL Customer Service
> 0939929929928 Ext 77838 /6673772
>
>
> ---
> This email has been checked for viruses by Avast antivirus software.
> http://www.avast.com