Date: Wed, 7 May 2014 01:50:00 -0600 [03:50:00 EDT]
From: TNT COURIER SERVICE [tracking@tnt.co.uk]
Subject: TNT UK Limited - Package tracking 236406937389

TNT COURIER SERVICE (TCS)
Customer/Delivery Services Department
Central Pk Est/Mosley Rd, Trafford Park
Manchester, M17 1TT UK.

DETAILS OF PACKAGE
Reg order no: GB5766211
Your package have been picked up and is ready for dispatch. Please print attached form
and pick up at the nearest office.
Connote # : 236406937389
Service Type : Export Non Documents - Intl
Shipped on : 07 Apr 13 00:00
Order No : 5766211
Status : Driver's Return Description : Wrong Postcode
Service Options: You are required to select a service option below.
The options, together with their associated conditions

The attachment is GB5766211.zip, which contains the malicious executable GB07052014.scr (note that the date is encoded into the filename). This has a VirusTotal detection rate of 7/52.
Automated analysis tools [1] [2] [3] show a UDP connection to wavetmc.com and a further binary download from demo.providenthousing.com/wp-content/uploads/2014/05/b01.exe
This second executable has a VirusTotal detection rate of 20/51. The Malwr report and the Anubis report both show attempted connections to various mail servers (e.g. Gmail and Hotmail). Furthermore, the Anubis report shows a data transfer to 83.172.8.59 (Tomsk Telecommunication Company, Russia).
Recommended blocklist:
83.172.8.59
wavetmc.com
demo.providenthousing.com
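As an added example (not the author's code, and not part of the original post), here is a small Python script that turns the blocklist above into detection logic: it checks proxy log lines for the listed IP and domains (including subdomains of them), and extracts the date from an attachment name of the GBddmmyyyy.scr form seen in this campaign. The log format and the sample lines are constructed for the example; the assumption that other runs of this spam use the same GB<date>.scr naming is mine, not something the post states.

```python
import ipaddress
import re
from datetime import date
from urllib.parse import urlsplit

# Indicators copied from the post's recommended blocklist.
BLOCKED_IPS = {ipaddress.ip_address("83.172.8.59")}
BLOCKED_DOMAINS = {"wavetmc.com", "demo.providenthousing.com"}

# The sample attachment was GB07052014.scr (day, month, year of the campaign).
# Generalising that single filename to a pattern is an assumption of this
# example, not something the post claims for every run of the spam.
ATTACHMENT_RE = re.compile(r"^GB(\d{2})(\d{2})(\d{4})\.scr$", re.IGNORECASE)


def host_blocked(host):
    """True if host is a listed IP, a listed domain, or a subdomain of one."""
    host = host.lower().rstrip(".")
    try:
        return ipaddress.ip_address(host) in BLOCKED_IPS
    except ValueError:
        pass  # not an IP literal, fall through to the domain check
    return any(host == d or host.endswith("." + d) for d in BLOCKED_DOMAINS)


def attachment_date(filename):
    """Return the date encoded in a GBddmmyyyy.scr name, or None if it does not match."""
    m = ATTACHMENT_RE.match(filename)
    if not m:
        return None
    day, month, year = (int(g) for g in m.groups())
    try:
        return date(year, month, day)
    except ValueError:  # e.g. GB31022014.scr fits the pattern but is not a date
        return None


def scan_proxy_log(lines):
    """Return (client_ip, host) for each line whose destination is on the blocklist.

    Constructed log format: "<date> <time> <client_ip> <method> <target> <status>",
    where <target> is a full URL for GET and host:port for CONNECT.
    """
    hits = []
    for line in lines:
        fields = line.split()
        if len(fields) < 5:
            continue
        client, target = fields[2], fields[4]
        if "://" not in target:
            target = "//" + target  # let urlsplit parse a bare host:port
        host = urlsplit(target).hostname
        if host and host_blocked(host):
            hits.append((client, host))
    return hits


# Constructed sample log lines; only the indicators themselves come from the post.
SAMPLE_LOG = """\
2014-05-07 08:02:11 10.0.0.12 GET http://demo.providenthousing.com/wp-content/uploads/2014/05/b01.exe 200
2014-05-07 08:02:13 10.0.0.12 GET http://www.example.com/index.html 200
2014-05-07 08:03:40 10.0.0.12 CONNECT 83.172.8.59:443 -
2014-05-07 08:04:01 10.0.0.19 GET http://cdn.wavetmc.com/ping 404
""".splitlines()

if __name__ == "__main__":
    for client, host in scan_proxy_log(SAMPLE_LOG):
        print(f"{client} contacted blocked host {host}")
    print("attachment date:", attachment_date("GB07052014.scr"))
```

Matching subdomains of a listed domain is deliberate: the second-stage download came from a host under providenthousing.com, and a blocklist that only matched exact names would miss a sibling host on the same domain. The attachment check is meant for mail-gateway triage rather than as a signature, since the naming could change at any time.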