Malware Email: “DHL Shipment Notification : 9155702****” / “[email protected]”

FROM: [email protected]<[email protected]>
Return-Path: [email protected]
SUBJECT: DHL Shipment Notification : 9155702****
DATE: Thu, 22 Oct 2015 04:20:08

Kindly review attachments for Delivery Documents relating to your DHL Package On-board.
__________________________________________________________________________

AWB Number: 9155702****
Pickup Date: 2015-10-25 11:25:00
Service: U
Pieces: 1
Cust. Ref:
Description: Shipping Documents
___________________________________

Ship From:
SMA
AV DEL VALLES 308
MARIANIA- TERRASSA,
08117
ES
EVENT CATEGORY
23 Oct 15 12:47 PM – Shipment on Board
_____________________________________________________________________________

Shipment status may also be obtained from our Internet site in USA under http://track.dhl-usa.com or Globally under
http://www.dhl.com/track
Please do not reply to this email. This is an automated application used only for sending proactive notifications

Attached to the email is a compressed file, Ship Export Documents.zip, which, once uncompressed, reveals an executable file: Ship Export Documents.exe

The executable is currently detected by 21/56 antivirus engines according to VirusTotal (VT).

File name: Ship Export Documents.exe 
File size: 191.5 KB ( 196096 bytes )
MD5 hash: 9e3f2ef34def90b30b8c1e3ea6ef421f
SHA1 hash: b8dd97f4fd3e866cb3243f7b300461ffc28f4adb
SHA256 hash: f56ce9516ce68597329f3d041e0b987a69edfa9570d835a5abe350e21acfc236
Detection ratio: 21 / 56
First submission: 2015-10-22 07:29:11 UTC
VirusTotal link: https://www.virustotal.com/en/file/f56ce9516ce68597329f3d041e0b987a69edfa9570d835a5abe350e21acfc236/analysis/
Hybrid-analysis.com: https://www.hybrid-analysis.com/sample/f56ce9516ce68597329f3d041e0b987a69edfa9570d835a5abe350e21acfc236?environmentId=1
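
The delivery method described above, a ZIP attachment that unpacks to an .exe, is something a mail gateway can check for before delivery. The following Python check is an added example, not part of the original post; the extension list, the function names and the sample message are constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes
from email.message import EmailMessage

# Assumption: extensions this hypothetical gateway treats as executable.
EXEC_EXTS = (".exe", ".scr", ".com", ".pif")

def executable_members(zip_bytes):
    """Return names of ZIP members that look like Windows executables."""
    hits = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            magic = b""
            if not info.flag_bits & 0x1:  # encrypted members cannot be read
                with zf.open(info) as fh:
                    magic = fh.read(2)
            # Flag on extension, or on the PE "MZ" header if the file was renamed.
            if info.filename.lower().endswith(EXEC_EXTS) or magic == b"MZ":
                hits.append(info.filename)
    return hits

def scan_message(raw):
    """Map each ZIP attachment name to the executable members inside it."""
    findings = {}
    for part in message_from_bytes(raw).walk():
        name = part.get_filename()
        if not name or not name.lower().endswith(".zip"):
            continue
        try:
            hits = executable_members(part.get_payload(decode=True))
        except zipfile.BadZipFile:
            hits = ["<unreadable archive>"]  # malformed archives are flagged too
        if hits:
            findings[name] = hits
    return findings

def make_zip(member, data):
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member, data)
    return buf.getvalue()

def build_sample():
    """Constructed message: placeholder bytes, not the real attachment."""
    msg = EmailMessage()
    msg.set_content("Kindly review attachments.")
    msg.add_attachment(make_zip("Ship Export Documents.exe", b"MZ" + b"\0" * 62),
        maintype="application", subtype="zip", filename="Ship Export Documents.zip")
    return msg.as_bytes()
```

Calling `scan_message(build_sample())` reports the archive name together with the executable member inside it; a message with no ZIP attachment, or a ZIP holding only non-executable files, yields an empty result.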
