
Spamvertised DHL Notification Malware Campaign

A currently spamvertised malware campaign is brand-jacking DHL for malware-serving purposes.

Sample filename: document.zip => DHL_notification.exe
Sample message: Dear customer. The parcel was send your home address. And it will arrice within 7 bussness day. More information and the tracking number are attached in document below. Thank you. 2011 DHL International GmbH. All rights reserverd - notice the typo.
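
A mail-gateway check for the delivery pattern shown in the sample above (an executable wrapped in a ZIP attachment), as an added example that is not from the original post. The function names, the extension list and the test message are constructed assumptions.

```python
import io
import zipfile
from email import message_from_bytes
from email.message import EmailMessage

# Assumed list of extensions Windows runs directly when double-clicked.
EXECUTABLE_EXTS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd"}


def executables_in_zip_attachments(raw_email: bytes) -> list[tuple[str, str]]:
    """Return (attachment name, member name) for each executable inside a ZIP attachment."""
    hits = []
    msg = message_from_bytes(raw_email)
    for part in msg.walk():
        name = part.get_filename() or ""
        payload = part.get_payload(decode=True)  # None for multipart containers
        # Trust the bytes, not the declared filename or MIME type.
        if not payload or not zipfile.is_zipfile(io.BytesIO(payload)):
            continue
        with zipfile.ZipFile(io.BytesIO(payload)) as zf:
            # Member names are readable even when the archive is password-protected.
            for info in zf.infolist():
                member = info.filename.lower()
                if any(member.endswith(ext) for ext in EXECUTABLE_EXTS):
                    hits.append((name, info.filename))
    return hits


def build_sample(member_name: str) -> bytes:
    """Constructed test message: a ZIP attachment holding one harmless placeholder file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member_name, b"placeholder, not a real binary")
    msg = EmailMessage()
    msg["Subject"] = "DHL notification"
    msg["From"] = "sender@example.com"
    msg["To"] = "recipient@example.com"
    msg.set_content("More information and the tracking number are attached.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="document.zip")
    return msg.as_bytes()


if __name__ == "__main__":
    print(executables_in_zip_attachments(build_sample("DHL_notification.exe")))
    print(executables_in_zip_attachments(build_sample("tracking.txt")))
```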

DHL_notification.exe - Trojan-Spy.Win32.SpyEyes - Result: 27/43 (62.8%)
MD5   : bda72e57d263241d52b1fe2ef014cba9
SHA1  : fa9dc14b100f1bf5124cd23c322c109b38a70675
SHA256: 199f2357c24e71d955a4e6c2d07645aa04d9474e0c8c914a1edd69a02e3f8a70

Upon execution, the sample phones back to:
elsoplongt.com/rk`,jopbh/qwq - Email: redaccion@elsoplongt.com
lulango.com/rk`,jopbh/qwq - Email: lulango@gmail.com
erherg34gsafwe.com/xgate.php - AS49469, Email: admin@erherg34gsafwe.com
    - erherg34gsafwe.com/ftp/base.bin
    - erherg34gsafwe.com/ftp/ftpplug2.dll

Domains responding to:

This post has been reproduced from Dancho Danchev's blog.
Copyright © 2011. Dancho Danchev's Blog - Mind Streams of Information Security Knowledge . All Rights Reserved