Date: Thu, 31 Jul 2014 12:26:53 +0200 [06:26:53 EDT]
From: EVERNOTE [lcresknpwz@business.telecomitalia.it]
Subject: File has been sent [redacted]
DSC_9426679.jpg attached to the letter
Copyright 2014 Evernote Corporation. All rights reserved

The attached file is actually DSC_9426679.zip and not a .jpg, and it contains a malicious executable, DSC_8832966.exe, with a VirusTotal detection rate of 7/53. The CAMAS report shows that the malware attempts to download an additional component from the following locations:
These download locations are the same as yesterday's Amazon spam run. The downloaded file has a VT detection rate of 3/53.
The recommended blocklist is the same as yesterday.
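
The mismatch described above (the body promises a .jpg, the attachment is a ZIP holding an .exe) can be checked at a mail gateway. The following is an added example, not code from the original post; the function names, the extension list and the sample message are assumptions, and the sample is constructed with harmless placeholder bytes using the file names quoted in the post.

```python
import io
import re
import zipfile
from email import message_from_bytes
from email.message import EmailMessage

# Assumed list of extensions treated as executable content.
EXEC_EXT = (".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs")
IMAGE_REF = re.compile(r"\b([\w-]+)\.(?:jpe?g|png|gif)\b", re.I)

def inspect_message(raw: bytes) -> list[str]:
    """Return findings for one raw RFC 5322 message."""
    findings, body_text, attachments = [], "", []
    for part in message_from_bytes(raw).walk():
        if part.is_multipart():
            continue
        payload = part.get_payload(decode=True) or b""
        name = part.get_filename()
        if name:
            attachments.append((name, payload))
        elif part.get_content_type() == "text/plain":
            body_text += payload.decode("utf-8", "replace")
    # File stems the body text claims are images, e.g. "dsc_9426679".
    promised = {m.group(1).lower() for m in IMAGE_REF.finditer(body_text)}
    for name, data in attachments:
        # Trust the content (ZIP structure), not the declared name or MIME type.
        if not zipfile.is_zipfile(io.BytesIO(data)):
            continue
        if name.lower().rpartition(".")[0] in promised:
            findings.append(f"body promises an image but {name} is a ZIP archive")
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for member in zf.namelist():
                if member.lower().endswith(EXEC_EXT):
                    findings.append(f"{name} contains executable {member}")
    return findings

def build_sample() -> bytes:
    """Constructed sample message; the archive member is placeholder text."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("DSC_8832966.exe", b"placeholder, not a real executable")
    msg = EmailMessage()
    msg["Subject"] = "File has been sent"
    msg.set_content("DSC_9426679.jpg attached to the letter")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="DSC_9426679.zip")
    return msg.as_bytes()

if __name__ == "__main__":
    for finding in inspect_message(build_sample()):
        print(finding)
```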