A new malicious email is arriving with content similar to the following:
MALICIOUS MAIL:
________________
From: MT Lovelybakestudio
Sent: Wednesday, 07 June 2017 10:02
Subject: New Order detail list 06.07.17
Dear Sir,
Our company Lovely group is based in India.
You will find details of our trial orders in the Order details excel file. Also enclosed is our company's profile for your kind reference.
Quantities and delivery port are stated in attached file. Also confirm your payment terms.
Waiting for your reply.
Thanks and Regards,
Sunil Kumar
Marketing Manager
Lovely Group, Jalandhar
MALICIOUS LINK: mailbox-message://sat@172.16.16.3/Inbox#708?header=saveas&part=1.6&filename=image001.png
__________________
END OF MALICIOUS MAIL
The downloaded ZIP contains two EXE files, which we now detect as Backdoor NETWIRED and keylogger REMCOS starting with today's ElistarA 36.99:
https://www.virustotal.com/es/file/04ec4d03e7763ab90a13e6825a5ceb69d1976de2660562d24fa1ad600d8d08bd/analysis/1496845173/
https://www.virustotal.com/es/file/42ef75b4ee430900d7e9da97ddd74d10793da9a73fade34b7d0f6bc33559f67d/analysis/1496710723/
This ElistarA 36.99, which detects and removes them, will be available on our website from 8-6-2017.
Regards,
ms, 7-6-2017