Wednesday, 11 March 2015

Phoenix documents-id323 Please P & J International Ltd

Headers:
From: "Phoenix" {phoenix@pnjinternational.com}
Subject: Please

Message body:
Good Afternoon,

Please find attached notice regarding carriers pre-filing for an
additional General Rate Increase for effective date of April 9, 2015.
Please note, we are advising you of this filing in order to comply with
FMC regulations. However, we feel it is unlikely that the carriers will
be successful in implementing this increase, especially since the March
9th GRI has already been postponed to March 17th. We will continue to
keep you updated as we receive additional information pertaining to
these filed rate increases.

Phoenix Zhang-Shin

Director

P & J International Ltd

Calverley House, 55 Calverley Road

Tunbridge Wells, Kent, UK TN1 2TU

Tel: 0044 1892 525588

Fax: 0044 1892 522277

Mob: 0044 7771802252

This email and any attachments are confidential and solely for the use
of the intended recipient. They may contain material protected by legal,
professional or other privilege. All correspondence with and
communication with us is governed by and subject to our Standard Terms
and Conditions of Sale (March 2010) (Our STCs), a copy of which has been
provided to you and which is available on request or on our web-site.
Acknowledging receipt of and replying to this email constitutes
acceptance of our STCs.

Attached is a Zip file:
documents-id323.zip
Inside the Zip is a Windows Executable:
documents-id323.exe

Sha256 Hashes:
 5a1467e9341ca5cf295fd84d76fcc38f7faccd573dbe6e872149eee64d26a9dc   [1]
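
The attachment layout described above, a zip whose payload is a Windows executable, is something a mail filter can test for directly. The following Python check is an added example, not part of the original post: it flags zip members that are executables by extension or by the `MZ` magic and reports each one's SHA-256. The function names, extension list, size limit and the sample archive (harmless stub bytes) are assumptions constructed for illustration.

```python
import hashlib
import io
import zipfile

# Extensions Windows runs directly on double-click (illustrative list, not exhaustive).
EXECUTABLE_EXTENSIONS = (".exe", ".scr", ".com", ".pif", ".cpl")
MAX_MEMBER_BYTES = 32 * 1024 * 1024  # assumed cap: do not inflate very large members


def inspect_zip_attachment(data):
    """Return one finding per zip member that is, or may hide, a Windows executable.

    A member is flagged on its extension or on the DOS/PE "MZ" magic, so a
    binary renamed to look like a document is still caught.
    """
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            # Encrypted or oversized members cannot be inspected: report, do not read.
            if info.flag_bits & 0x1 or info.file_size > MAX_MEMBER_BYTES:
                reason = "encrypted" if info.flag_bits & 0x1 else "oversized"
                findings.append({"name": info.filename, "reason": reason, "sha256": None})
                continue
            content = archive.read(info)
            by_ext = info.filename.lower().endswith(EXECUTABLE_EXTENSIONS)
            by_magic = content[:2] == b"MZ"
            if by_ext or by_magic:
                checks = (("extension", by_ext), ("magic", by_magic))
                findings.append({
                    "name": info.filename,
                    "reason": "+".join(label for label, hit in checks if hit),
                    "sha256": hashlib.sha256(content).hexdigest(),
                })
    return findings


def build_sample_zip():
    """Constructed sample: harmless stub bytes laid out like the attachment above."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as archive:
        archive.writestr("documents-id323.exe", b"MZ" + b"\x00" * 62)  # stub, not a real PE
        archive.writestr("invoice.pdf", b"MZ" + b"renamed stub")  # constructed: MZ magic, document name
        archive.writestr("readme.txt", b"plain text")
    return buf.getvalue()


if __name__ == "__main__":
    for finding in inspect_zip_attachment(build_sample_zip()):
        print(finding)
```

The reported SHA-256 is of the extracted member, which is the value to compare against a published hash of the executable.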

Malware Information:

VirusTotal Report [1] (hits 3/57 Virus Scanners)

Malwr Report [1]

Hybrid Analysis Report [1]
Description:
The malware in the zip is a trojan downloader largely referred to as Upatre.

This downloader will then probably download its partner in crime, Dyre.

Dyre is a Zeus-like banking Trojan that tries to capture as much information about your online banking details as possible.

It is also used to send the same malware out to everyone else, using your own copy of Outlook and your bandwidth.


Cheers,

Steve
Sanesecurity.com

2 comments:

Anonymous said...

I work for an insurance rating company and received this email. I gotta say that despite it having all of the signs that it is spam, it was awfully well-targeted. Deleted.

Anonymous said...

I work for a law firm and received this message, which was not well targeted as it would not apply to our work. Glad for this site, as I figured it wasn't a friendly email.