
Italian DHL spam


Today we received a spam email sent on behalf of DHL which asks us to print a document linked in the email (of course) so that a package can be delivered to us... yeah :)

So, with the help of @B0gi_, we checked it out, as follows:

[image: dhl]

The link in this email points to what is apparently a hacked website:

hxxp://ministerioriodedios.com/ZNOMEAQXQV.php?receipt=651_1xxxxxx

Clicking on this link downloads a malicious zip file containing an executable which masquerades as a Microsoft Word document.

[image: dhl1]

The executable is named DHL_IT_ID652372_234.exe and it is detected as malware by only a few antivirus vendors:

https://www.virustotal.com/file/5a2cc978b52208464f0984cece8040d23a0d7464fe48fa41681b7c97e0220057/analysis/

Detection ratio: 6 / 46
Analysis date: 2013-01-23 09:24:56 UTC
SHA256: 5a2cc978b52208464f0984cece8040d23a0d7464fe48fa41681b7c97e0220057

http://www.threatexpert.com/report.aspx?md5=355fda99177a295688c5a0e558f020e9

File MD5: 0x355FDA99177A295688C5A0E558F020E9
File SHA-1: 0xA3AEA2D5756366111E88963E72E725F2805D1381
File size: 108,544 bytes

When executed, it saves and displays a txt file containing some random information:

[image: dhl3]

But in fact it works as a dropper and simply tries to contact the following hosts:

hxxp://81.93.248.152:8080
hxxp://109.75.184.192:8080
hxxp://85.214.22.38:8080
hxxp://66.232.145.174:6667
hxxp://82.113.204.228:8080
hxxp://46.4.178.174:8080
hxxp://85.214.50.161:8080
hxxp://88.40.201.187:8080
hxxp://85.197.78.70:8080
hxxp://173.255.203.178:8080
hxxp://72.29.84.159:60000
hxxp://217.11.63.194:8080
hxxp://202.169.224.202:8080
hxxp://80.90.198.43:8080
hxxp://46.163.77.229:8080
hxxp://66.84.10.68:8080
hxxp://190.111.176.13:8080

sending the following string as parameter:

/640039097CF2191E622C4BA5F4E03998EE58D58FDEE1EE4C17E60F4AB1B84952E4F2A7637006CCA1B98A70EF33EEBB9DA74E47AA59C04844222DAC151FC8C5724555E87E7D99905979A2E01F1A75F7

in order to download a malicious executable and some related DLLs onto the victim's computer:

9ac68f053ceebdf18993a540ce4ac76b.exe
sb215.dll.crp
lite.dll.crp

This malicious executable is detected as generic malware by 5 antivirus vendors:

https://www.virustotal.com/file/871f0213c9e9e2b40f4a1d188a6d2615e6a0f4fa20df3c021bc364455b724350/analysis/1358937002/

Detection ratio: 5 / 46
Analysis date: 2013-01-23 10:30:02 UTC
SHA256: 871f0213c9e9e2b40f4a1d188a6d2615e6a0f4fa20df3c021bc364455b724350

http://www.threatexpert.com/report.aspx?md5=c08baf89f755d40fac488e4811d5977e

File MD5: 0xC08BAF89F755D40FAC488E4811D5977E
File SHA-1: 0x8BEE9D756DE27C35406496920B37FF5F68C17E58
File size: 42,488 bytes

and it tries to contact the following hosts:

http://whifflepufffournight.net/api/test
http://latestarguments.org/api/test

which are related to the domain wikimediasticky.asia, whose home page shows a login form:

[image: loginwiki]

and it is connected as shown in the following robtex picture:

[image: wikimedia]

hxxp://cnet.robtex.com/31.184.244.html

This kind of activity had already been detected several times by threatexpert:

http://threatexpert.com/reports.aspx?find=api/test&x=0&y=0


Also, by modifying the parameter passed to the malicious hosts listed above, it seems that these hosts are serving various other kinds of malware. A search on the internet confirmed our thesis.
In fact, we also found the following malicious executables and files:

9ac68f053ceebdf18993a540ce4ac76b.exe
MD5: c08baf89f755d40fac488e4811d5977e

67ad970fbbc4f9b29bfeca40b0b4a54f.exe
MD5: cdc780117ee7a06be3cdfb51c0fff9c0

b2f7e9141eb124ce3152352c5df520f7.exe
MD5: 5b81e4a28dc01ee7635fb70951d0ac14

8138138143481348.exe
MD5: f8b22e6b7aa80ccd13556c3c3a9cdbf2

faa91cf5e79a76602f094ed38fad5872.exe
MD5: 44df1e7f9651ea8acbb060599a4fd945

64cfb0f235abac25d837b660f3e3549b.exe
MD5: 836a2177aa594998130995d817308309

793f1a748b84f99d2b768df44e86a1d1.exe
MD5: ccd264f780f13c1eefd6ca74cc37cc8b
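The callback hosts and beacon path of the dropper, the /api/test hosts contacted by the second stage, and the MD5 hashes listed above are all usable as indicators of compromise. The following is an added example, not code from the original post, that matches those indicators against proxy-log lines. The log format, the sample lines and the 64-digit minimum length for the hex beacon path are assumptions made for this example; the indicators themselves are the ones quoted in the post.

```python
"""IOC matcher for the fake-DHL dropper described above.

Added example, not code from the original post.  Indicators are the hosts,
ports, paths and hashes quoted in the post; the log format and the sample
log lines are constructed for illustration.
"""
import hashlib
import re

# Dropper callback endpoints (host, port), as listed in the post.
C2_ENDPOINTS = {
    ("81.93.248.152", 8080), ("109.75.184.192", 8080), ("85.214.22.38", 8080),
    ("66.232.145.174", 6667), ("82.113.204.228", 8080), ("46.4.178.174", 8080),
    ("85.214.50.161", 8080), ("88.40.201.187", 8080), ("85.197.78.70", 8080),
    ("173.255.203.178", 8080), ("72.29.84.159", 60000), ("217.11.63.194", 8080),
    ("202.169.224.202", 8080), ("80.90.198.43", 8080), ("46.163.77.229", 8080),
    ("66.84.10.68", 8080), ("190.111.176.13", 8080),
}

# Hosts and path requested by the downloaded second-stage executable.
SECOND_STAGE_HOSTS = {"whifflepufffournight.net", "latestarguments.org"}
SECOND_STAGE_PATH = "/api/test"

# The dropper requests a path that is one long run of uppercase hex digits
# (the post quotes a 158-digit one).  The 64-digit minimum is an assumption
# chosen so ordinary short hex paths (e.g. cache-busting ids) do not match.
HEX_PATH = re.compile(r"^/[0-9A-F]{64,}$")

# MD5s of the samples named in the post (dropper, payload and related files).
KNOWN_MD5 = {
    "355fda99177a295688c5a0e558f020e9",  # DHL_IT_ID652372_234.exe
    "c08baf89f755d40fac488e4811d5977e",  # 9ac68f053ceebdf18993a540ce4ac76b.exe
    "cdc780117ee7a06be3cdfb51c0fff9c0",
    "5b81e4a28dc01ee7635fb70951d0ac14",
    "f8b22e6b7aa80ccd13556c3c3a9cdbf2",
    "44df1e7f9651ea8acbb060599a4fd945",
    "836a2177aa594998130995d817308309",
    "ccd264f780f13c1eefd6ca74cc37cc8b",
}


def classify(line):
    """Return the names of the indicators a proxy-log line matches.

    Assumed (constructed) line format, whitespace separated:
        <timestamp> <client_ip> <dst_host> <dst_port> <method> <path>
    Lines that do not parse return [] instead of raising, so a malformed
    record never aborts a scan.
    """
    parts = line.split()
    if len(parts) != 6:
        return []
    _, _, host, port, _, path = parts
    try:
        port = int(port)
    except ValueError:
        return []
    hits = []
    if (host, port) in C2_ENDPOINTS:
        hits.append("c2-endpoint")
    if HEX_PATH.match(path):
        hits.append("hex-beacon-path")
    if host in SECOND_STAGE_HOSTS and path == SECOND_STAGE_PATH:
        hits.append("second-stage")
    return hits


def scan(lines):
    """Return (line, hits) for every line matching at least one indicator."""
    results = []
    for ln in lines:
        hits = classify(ln)
        if hits:
            results.append((ln, hits))
    return results


def is_known_sample(data):
    """True if the given file bytes hash to one of the listed sample MD5s."""
    return hashlib.md5(data).hexdigest() in KNOWN_MD5


# Constructed sample log lines (not real traffic).  The first reuses the
# beacon path quoted in the post; the second hits a C2 endpoint on port 60000
# with a plain path; the third is the second-stage request; the rest are
# benign or unparseable.
BEACON = ("/640039097CF2191E622C4BA5F4E03998EE58D58FDEE1EE4C17E6"
          "0F4AB1B84952E4F2A7637006CCA1B98A70EF33EEBB9DA74E47AA5"
          "9C04844222DAC151FC8C5724555E87E7D99905979A2E01F1A75F7")
SAMPLE_LOG = [
    "2013-01-23T09:30:01Z 10.0.0.12 81.93.248.152 8080 GET " + BEACON,
    "2013-01-23T09:30:02Z 10.0.0.12 72.29.84.159 60000 GET /",
    "2013-01-23T09:30:05Z 10.0.0.12 whifflepufffournight.net 80 GET /api/test",
    "2013-01-23T09:31:00Z 10.0.0.15 www.dhl.com 443 GET /en/express/tracking.html",
    "garbage line",
]

if __name__ == "__main__":
    for ln, hits in scan(SAMPLE_LOG):
        print(", ".join(hits), "<-", ln[:80])
```

Matching on the exact host:port pair rather than the IP alone keeps the rule from firing on unrelated traffic to a shared or since-reassigned address, while the hex-path rule catches beacons to callback hosts that were not in the list at analysis time.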
