Sanesecurity ClamAV blog: zero hour malware, phishing and scams: Devaki(Manager of Importation)Ras Trading Co (Libya)

Monday 30 March 2015

Devaki(Manager of Importation)Ras Trading Co (Libya)

Devaki(Manager of Importation)Ras Trading Co (Libya) email with a New_Order_PO3482045_pdf.jar attachment...
Headers:

From: "IMPORT" {devaki.trg@ushafire.in}

Message body:

Greetings!

Kindly Find attached our final Purchase order for March 2015, 

Please send us invoice. We Plead you to give us discount with your
best price.

I await the invoice asap.

       
Best Regards

  
Devaki(Manager of Importation)Ras Trading Co  (Libya):Algeria St. ,
near Kick off ShopsGaryunis Area, Benghazi, Libya

There's a Jar file attached to the email:

New_Order_PO3482045_pdf.jar

Inside the Jar file is a Windows Executable file (Note the dual extension trick):

New Order PO3482045,pdf.exe

Sha256 Hashes (one example)

6a9f2769769bd32c6f31b6ac45c7d8a6decd6263692bb21418f80f494a69e8e0 [1]

Malware Anti-Virus Reports (one example)

VirusTotal Report [1] (hits 10/57 Virus Scanners)
Malwr Report [1]
Hybrid Analysis Report [1]

Cheers,
Steve
Sanesecurity.com

Sanesecurity ClamAV blog: zero hour malware, phishing and scams

Amazon3

Pages

Amazon

Monday 30 March 2015

Devaki(Manager of Importation)Ras Trading Co (Libya)

No comments: