From: Adriane Camargo. [adriane@yahoo.com.br]
Date: 29 July 2013 20:59
Subject: Documento importante : 5039403 !!
Arquivo : DC-59KDJF994J3K303940430DJJRI8.rar ( 173,4 KB)
The link in the email goes through a legitimate hacked site and then downloads a RAR file from [donotclick]www.equilibrionutriesportiva.com.br/site/wp-admin/network/icons/equilib/fing3234/Planilha-Documento.docx_.rar which has a VirusTotal detection rate of 17/46 and is identified as a trojan downloader.
According to Anubis, the malware then attempts to download additional components from [donotclick]www.equilibrionutriesportiva.com.br/site/wp-admin/network/icons/equilib/fing3234/ie.exe, but this seems to generate a 403 error.
Other analyses are pending. Update: here is an analysis from Comodo CAMAS.