Date: Tue, 8 Apr 2014 08:65:82 GMT
From: Sage [Merrill.Sterling@sage-mail.com]
Subject: RE: BACs #3421309
Please see attached copy of the original invoice.
Attached is a file BACs-3421309.zip which in turn contains a malicious executable BACs-040814.exe which has a VirusTotal detection rate of 10/51.
The Malwr analysis shows that it attempts to download a configuration file from [donotclick]hemblecreations.com/images/n0804UKd.dim and then it attempts to connect to a number of other domains and IP addresses.
Recommended blocklist:
50.116.4.71
aulbbiwslxpvvphxnjij.biz
twplfztldagaydcacebqpypm.net
aidyhnzrkqomndihmttglrcmpf.com
jnojswlbzdxondfahwgbmluyl.ru
wcaebnfwljamemlzhqwqsovzlfq.com
skirtrslbtjrjfphemnnjqowuus.biz
uobihirghyscvswgwolneuscyamh.org
hvchqgyzfitaiugmbmifdwclrk.info
hemblecreations.com
No comments:
Post a Comment