Sponsored by..

Friday 20 June 2014

"2014_06rechnung_0724300002_sign.zip" spam

I don't have a sample of the German-language spam spreading this attack, but it is similar to this one and it entices the victim to download a ZIP file  from [donotclick]officialdund.co.uk/wp-content/themes/officialdund/mobilfunktelekom/2014_06rechnung_0724300002_sign.zip

Inside the ZIP file is a malicious executable 2014_06rechnung_0724300002_pdf_sign_telekomag_deutschland_gmbh.exe which has a very low VirusTotal detection rate of just 1/54. The Malwr report shows that it downloads a further executable rqvupdate.exe [Malwr report] which phones home to (Server Central, US) and has a VT detection rate of just 2/52.

The Anubis report also shows connections to (Server Central, US), (OVH, France / QHoster Ltd, Bulgaria) and (Ransom IT Hosting, New Zealand)

Recommend blocklist:

No comments: