Thursday, 12 March 2015

Wong Liu-Kung New Order order#8793092pdf.rar

Wong Liu-Kung New Order order#8793092pdf.rar attachment.

These emails aren't from these companies at all; the company names are just being used to make the email look more genuine, i.e. as if it came from a real company.

Note: It's also worth remembering that the company itself may not have any knowledge of this email and its link(s) or attachment, as it won't have come from their servers and IT systems but from an external botnet.

It's not advised to ring them as there won't really be anything they can do to help you.

Message Header:

From: "Wong Liu-Kung" {supply@sunlight-agency.com.eg}
Subject: Re: New Order
Message Body:
Dear Sir,

Greetings to you.

Kindly Find attached our = Purchase order(order8793092),
Please send us invoice with their best price.
Note that item #534 and #535 is needed in a very large quantity,
So you will have to give us discount with your best price.
I await the invoice asap.

Best Regards
Moataz Barbour
(Sales Manager)
Amer Group Egypt
Building 11 Cleopatra Street, Korba Area,Cairo Egypt
Phone: +20 224155896
Fax: +20 22399755023
Attachment:
order#8793092pdf.rar
Inside the RAR file is a Windows executable:
order#8793092pdf.exe
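
A mail-filter style check for the naming trick used here (an archive and an executable whose names end in "pdf" just before the real extension). This is an added example, not code from the original post; the extension lists, function names and the sample message built in `build_sample()` are assumptions made for illustration.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage

ARCHIVE_EXT = {"rar", "zip", "7z", "ace", "gz", "iso"}      # assumed list
EXEC_EXT = {"exe", "scr", "com", "pif", "bat", "cmd"}       # assumed list
DOC_TOKENS = ("pdf", "doc", "docx", "xls", "xlsx")          # assumed list
RAR_MAGIC = b"Rar!\x1a\x07"  # signature prefix shared by RAR 4.x and 5.x

def split_name(name):
    stem, _, ext = name.rpartition(".")
    return stem.lower(), ext.lower()

def lure_reasons(name):
    """Flag archive/executable names whose stem ends in a document type."""
    stem, ext = split_name(name)
    if ext not in ARCHIVE_EXT | EXEC_EXT:
        return []
    kind = "executable" if ext in EXEC_EXT else "archive"
    # Matches "...pdf.exe" and "....pdf.exe"; a heuristic, so expect some
    # false positives on stems that merely end in "doc" or similar.
    if re.search(r"(?:%s)$" % "|".join(DOC_TOKENS), stem):
        return [f"{kind} named like a document"]
    return []

def scan_message(raw):
    """Return [(filename, [reasons])] for suspicious attachments."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        data = part.get_payload(decode=True) or b""
        reasons = lure_reasons(name)
        if data.startswith(RAR_MAGIC) and split_name(name)[1] != "rar":
            reasons.append("RAR content under a non-.rar name")
        if data[:2] == b"MZ":
            reasons.append("attachment is a Windows executable (MZ header)")
        if reasons:
            findings.append((name, reasons))
    return findings

def build_sample():
    """Constructed message: placeholder sender, harmless dummy payload."""
    msg = EmailMessage()
    msg["From"] = '"Sender" <sender@example.com>'
    msg["Subject"] = "Re: New Order"
    msg.set_content("Kindly find attached our purchase order.")
    msg.add_attachment(RAR_MAGIC + b"\x00" * 16, maintype="application",
                       subtype="octet-stream", filename="order#8793092pdf.rar")
    return msg.as_bytes()
```

The same `lure_reasons()` check can be run over the member names reported by whatever archive lister the gateway uses, which is where `order#8793092pdf.exe` would be caught.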

SHA256 Hashes:
bc0e6d94c661ae2767690093d075b7865d572ced2c2fc36e6ae4597dd782aec9 [1]

Malware Macro document information:
VirusTotal Report [1] (hits 2/57 Virus Scanners)

Malwr Report [1]

Hybrid Analysis Report: [1]

Cheers,
Steve
