Date: Mon, 11 Nov 2013 11:28:29 +0000 [06:28:29 EST]The attachment to the email is called To All Employees 2013.zip which contains To All Employees 2013.zip.exe which has an icon that makes it look like a PDF file. This malicious file has a VirusTotal detection rate of 7/47.
From: DocuSign Service [dse@docusign.net]
Subject: To all Employees - Confidential Message
Your document has been completed
Sent on behalf of administrator@victimdomain.
All parties have completed the envelope 'Please DocuSign this
document: To All Employees 2013.doc'. To view or print the
document download the attachment .
(self-extracting
archive, Adobe PDF) This
document contains information confidential and proprietary to spamcop.net
LEARN MORE: New Features | Tips & Tricks | Video Tutorials
DocuSign. The fastest way to get a signature. If you
have questions regarding this notification or any enclosed documents requiring your
signature, please contact the sender directly. For technical assistance with the
signing process, you can email support. This message was sent to
you by administrator@victimdomain who is using the DocuSign Electronic Signature Service.
If you would rather not receive email from this sender you may contact the sender with
your request.
Automated analysis [1] [2] shows a callback to trc-sd.com on 121.127.248.74 (Sun Network, Hong Kong). This IP address hosts several legitimate sites, so bear that in mind if you block the IP.
No comments:
Post a comment