Monday 28 July 2014

amazon.co.uk "Your Amazon order" spam

This fake Amazon spam comes with a malicious attachment:

Date:      Mon, 28 Jul 2014 13:15:57 +0200 [07:15:57 EDT]
From:      "AMAZON.CO.UK" [egljlyzqv@Amazon.co.uk]
Subject:      Your Amazon order #239-1744919-1697181

Hello,

Thank you for your order. We'll let you know once your item(s) have dispatched.You can check the status of your order or make changes to it by visiting Your Orders on Amazon.co.uk.
Order Details

Order #239-1744919-1697181 Placed on July 26, 2014

Order details and invoice in attached file.

Need to make changes to your order? Visit our Help page for more information and video guides.

We hope to see you again soon.
Amazon.co.uk


Attached is a file, Order-239-1744919-1697181.zip, which in turn contains a malicious executable, Order details 001-8821901-992107.exe, which has a VirusTotal detection rate of 18/54.

The Comodo CAMAS analysis shows that the malware reaches out to a familiar set of URLs to download further components:


I would recommend blocking the following domains:
