Spamvertised DHL Notification Malware Campaign
0
Sample filename: document.zip => DHL_notification.exe
Sample message: Dear customer. The parcel was send your home address. And it will arrice within 7 bussness day. More information and the tracking number are attached in document below. Thank you. 2011 DHL International GmbH. All rights reserverd - notice the typo.
DHL_notification.exe - Trojan-Spy.Win32.SpyEyes - Result: 27 /43 (62.8%)
MD5 : bda72e57d263241d52b1fe2ef014cba9
SHA1 : fa9dc14b100f1bf5124cd23c322c109b38a70675
SHA256: 199f2357c24e71d955a4e6c2d07645aa04d9474e0c8c914a1edd69a02e3f8a70
Upon execution phones back to:
adobe.com/geo/productid.php
elsoplongt.com/rk`,jopbh/qwq - Email: redaccion@elsoplongt.com
accuratefiles.com/rk`,jopbh/qwq
lulango.com/rk`,jopbh/qwq - Email: lulango@gmail.com
erherg34gsafwe.com/xgate.php - AS49469, Email: admin@erherg34gsafwe.com
- erherg34gsafwe.com/ftp/base.bin
- erherg34gsafwe.com/ftp/ftpplug2.dll
- erherg34gsafwe.com/ftp/base.bin
Domains responding to:
192.150.16.117
72.41.115.170
74.117.180.216
87.106.193.21
94.63.244.56
This post has been reproduced from Dancho Danchev's blog.
About the author
Donec non enim in turpis pulvinar facilisis. Ut felis. Praesent dapibus, neque id cursus faucibus. Aenean fermentum, eget tincidunt.
0 Comments: