Today's #malware is a "DHL Express Inc" message with the content "FYA" and this attachment.

The SRC is 102.211.56.109, which is owned by maxko.org, a #MMORPG #developer and #HostingProvider in #Sisak.
The IP is not currently an #openRelay, and this appears to be a #compromised account with #cloudreliable.com.

Archive unpacked: DHL Parcel Receipt_pdf.gz (#application/#gzip, 746.96 kB)
#MD5: 2ff3fd65c6fad4a8d0c8a3eaa83452ab
#SHA1: e6cfce9a587b3e07801d4ac1f8dc97b2b5b9faf3
#SHA256: 6e041c223275155b530b0c1a6ebcfca0f81b312ef61b01324465883825fb8594
#SHA512: 90e3fc572aa8ed1b22501400d6a77f6fa6ad57fcc1597e935f44144892ac2819b16dce9dd1397711bbbc830401d52d932989204e53ec88ed26fda8aa64d1d008

https://www.filescan.io/uploads/66293f9d3137a4e0f3bf3311

#VT has 10/64 detections calling it #trojan.msil/#amsibypass
https://www.virustotal.com/gui/file/6e041c223275155b530b0c1a6ebcfca0f81b312ef61b01324465883825fb8594/detection/f-6e041c223275155b530b0c1a6ebcfca0f81b312ef61b01324465883825fb8594-1713966832
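An added triage helper (my code, not part of the original post): it computes the four digests listed above for a file and compares them with the posted IOC hashes, reads the gzip FNAME header field without inflating the member (so the inner filename is visible before anything is unpacked), and flags the "_pdf.gz" style double-extension lure. The real attachment is not included; `build_sample()` constructs a stand-in gzip whose inner name "DHL Parcel Receipt_pdf.exe" is hypothetical, since the post does not say what the archive contains.

```python
"""Triage helper for a gzip lure: hash it, compare with IOC hashes, read the
gzip FNAME header without decompressing, and flag double-extension names.
Added example, not code from the original post."""
import gzip
import hashlib
import io
import struct

# Hashes of "DHL Parcel Receipt_pdf.gz" exactly as listed in the post.
IOC_HASHES = {
    "md5": "2ff3fd65c6fad4a8d0c8a3eaa83452ab",
    "sha1": "e6cfce9a587b3e07801d4ac1f8dc97b2b5b9faf3",
    "sha256": "6e041c223275155b530b0c1a6ebcfca0f81b312ef61b01324465883825fb8594",
    "sha512": "90e3fc572aa8ed1b22501400d6a77f6fa6ad57fcc1597e935f44144892ac2819b16dce9dd1397711bbbc830401d52d932989204e53ec88ed26fda8aa64d1d008",
}

# Real extensions that should never sit behind a "_pdf" stem in a legitimate document.
RISKY_EXTENSIONS = {"gz", "zip", "rar", "7z", "iso", "img", "exe", "scr",
                    "js", "vbs", "lnk", "bat", "cmd"}


def file_hashes(data: bytes) -> dict:
    """Compute the four digests the post lists, keyed by hashlib algorithm name."""
    return {name: hashlib.new(name, data).hexdigest()
            for name in ("md5", "sha1", "sha256", "sha512")}


def matches_ioc(data: bytes, iocs: dict = IOC_HASHES) -> list:
    """Return the digest names under which `data` matches the IOC list (empty if none)."""
    computed = file_hashes(data)
    return [name for name, value in iocs.items() if computed.get(name) == value.lower()]


def gzip_original_name(data: bytes):
    """Read the optional FNAME field of a gzip member header (RFC 1952) without
    decompressing. Returns None if the data is not gzip or carries no FNAME."""
    if len(data) < 10 or data[:2] != b"\x1f\x8b":
        return None
    flg = data[3]
    pos = 10                       # fixed header: ID1 ID2 CM FLG MTIME(4) XFL OS
    if flg & 0x04:                 # FEXTRA comes before FNAME, skip it
        (xlen,) = struct.unpack_from("<H", data, pos)
        pos += 2 + xlen
    if not flg & 0x08:             # FNAME flag not set
        return None
    end = data.find(b"\x00", pos)  # FNAME is a zero-terminated Latin-1 string
    if end < 0:
        return None
    return data[pos:end].decode("latin-1")


def looks_like_extension_lure(filename: str) -> bool:
    """Flag names whose stem advertises a PDF while the real extension is an
    archive or executable, e.g. 'DHL Parcel Receipt_pdf.gz'."""
    lowered = filename.lower()
    if "." not in lowered:
        return False
    stem, ext = lowered.rsplit(".", 1)
    advertises_pdf = any(stem.endswith(s) for s in ("_pdf", "-pdf", ".pdf", " pdf"))
    return advertises_pdf and ext in RISKY_EXTENSIONS


def build_sample() -> bytes:
    """Constructed stand-in for the real attachment: a gzip member whose FNAME
    field carries a hypothetical inner name (the post does not state the real one)."""
    payload = b"MZ" + b"\x00" * 62 + b"constructed-sample-not-real-malware"
    buf = io.BytesIO()
    with gzip.GzipFile(filename="DHL Parcel Receipt_pdf.exe", mode="wb",
                       fileobj=buf, mtime=0) as gz:
        gz.write(payload)
    return buf.getvalue()


def triage(data: bytes, outer_name: str) -> dict:
    """One-shot summary a responder would want before opening the archive."""
    inner = gzip_original_name(data)
    return {
        "hashes": file_hashes(data),
        "ioc_matches": matches_ioc(data),
        "inner_name": inner,
        "outer_lure": looks_like_extension_lure(outer_name),
        "inner_lure": looks_like_extension_lure(inner) if inner else False,
    }


if __name__ == "__main__":
    sample = build_sample()
    for key, value in triage(sample, "DHL Parcel Receipt_pdf.gz").items():
        print(key, value)
```

Run it against a real file with `triage(open(path, "rb").read(), os.path.basename(path))`; the constructed sample will of course not match the IOC hashes, but a copy of the posted attachment will, and the FNAME read is safe because nothing is inflated.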

#spammers #scammers #malicious #suspectfiles
#malware #triage #ioc #_ioc #infosec #informationSecurity #IncidentResponse #IR
#spam #virustotal
