NEW MALICIOUS EMAIL ATTACHING A .JAR FILE WITH JAVA ADWIN PK MALWARE

Another malicious email offers the download of a file with the double extension .PDF.JAR. Users who have not explicitly configured their system to show file extensions will not see the final .JAR, which is the extension that actually gets executed.

MALICIOUS EMAIL:
_______________

Subject: RE: AW: New Order/ Nuevo orden
From: “Michalis Kinova”<r.kinova@schetoconsult.com>
Date: 21/03/2017 12:57
To: undisclosed-recipients:;
Good morning

Please could you look into the order from our customer attached and then arrange to send us proforma invoice.

We await your earliest response.

Kind Regards,
Michalis
Sales Administrator
Phone: +973 17 297 227 Ext.: 237
Fax: +973 17 297 337
Map: http://goo.gl/maps/e078f
www.amthal-group.com

Disclaimer:
This email, its contents and any file attachment(s) transmitted with it are privileged and confidential material of Al-Amthal Group W.L.L. And should not be disclosed to, used by or copied in any manner by anyone
other than the intended addressee(s). If this email has been received by error, please advise the sender immediately and delete it from your system.

The views expressed in this email message are those of the individual sender, except where the sender expressly, and with authority, states them to be the views of Al-Amthal Group. Any unauthorized review, use,
disclosure, dissemination, forwarding, printing or copying of this email or any action taken in reliance on this email is strictly prohibited and may be unlawful.
We have taken every reasonable precaution to minimize the risk that this email may contain viruses, but is not liable for any damage you may sustain as a result of any virus in this email. You should carry out
your own virus checks before opening the email or attachment(s).
we are neither liable for the proper and complete transmission of the information contained in this communication nor for any delay in
its receipt.

Please consider the environment. Save a tree, and don't print this e-mail
unless necessary.

From: ANDJELKOVIC Dunja [mailto: Andrea Kairouz; Import@sleep-comfort.com]
Sent: Friday , February 03, 2016 9:48 AM To: MILOJKOVIC Aleksandar Cc:
GAJIC Aleksandar < Aleksandar.GAJIC ; VUJICIC Branka < Branka.VUJICIC ;
MILOJKOVIC Aleksandar < Aleksandar.MILOJKOVIC Subject: Fwd: Re: New
order-Izvod / Remittance

Dear Sir/Madam,

order Attached. : Order 230 HOROMIDIS-pdf.JAR (malicious attached file)

Kind regards

—————————— ———-

Dunja Andjelkovic
Intern
Mid Market Department
CIB & PB Division
—————————— ———-

Please consider the environment before printing this e-mail

This e-mail is confidential and may also contain privileged information.
If you are not the intended recipient you are not authorized to read,
print, save, process or disclose this message. If you have received this
message by mistake , please inform the sender immediately and delete this
e-mail, its attachments and any copies. Any use, distribution,
reproduction or disclosure by any person other than the intended recipient
is strictly prohibited and the person responsible may incur penalties.
Thank you!
__________________

END OF MALICIOUS EMAIL

The email in question presents as its sender a company from Bahrain, a sovereign island state in Asia located near the western coast of the Persian Gulf.

The preliminary VirusTotal analysis gives the following report:

MD5: 769b2ffa49252cd20765bb291aaf27b3
SHA1: d8071f6b1bc436dbe5f3245186a989055421a856
File size: 522.9 KB ( 535438 bytes )
SHA256: 03ebc1b8cd4f41d07fc5fff9f5a10807b84f800c36789dec5aab51b8c7f20961
Name: Order 230 HOROMIDIS-pdf.jar
Detections: 14 / 59
Analysis date: 2017-03-22 11:47:15 UTC ( 4 minutes ago )

total.com/es/file/03ebc1b8cd4f41d07fc5fff9f5a10807b84f800c36789dec5aab51b8c7f20961/analysis/1490183235/
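As an added example (this is not code from the original post, nor one of SATINFO's own tools), here is a small Python triage routine for attachments like the one above. It looks at the declared filename for a decoy token sitting before the final extension (the "-pdf.JAR" trick), sniffs the real container from the file's magic bytes (a JAR is a ZIP archive, hence the "PK" signature), reads the JAR manifest for a Main-Class entry point, and compares the SHA256 with the hash from the VirusTotal report quoted above. The sample JAR it builds is constructed in memory and contains no bytecode; the filename regex, the extension lists and the Main-Class name "Loader" are this example's own assumptions.

```python
"""Attachment triage for the lure described above: a JAR dressed up as a
PDF (e.g. 'Order 230 HOROMIDIS-pdf.JAR'). Added example, not code from the
original post. Assumes the mail is already parsed and we hold the declared
filename plus the raw attachment bytes."""
import hashlib
import io
import re
import zipfile
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# IoC quoted on the page (VirusTotal report for 'Order 230 HOROMIDIS-pdf.jar').
KNOWN_BAD_SHA256 = {
    "03ebc1b8cd4f41d07fc5fff9f5a10807b84f800c36789dec5aab51b8c7f20961",
}
# Extensions that execute on double-click where a JRE or script host is installed.
EXECUTABLE_EXTS = {"jar", "exe", "scr", "js", "vbs", "bat", "cmd", "hta"}
# Document-like tokens commonly used as the decoy half of a double extension.
DECOY_EXTS = {"pdf", "doc", "docx", "xls", "xlsx", "txt", "jpg", "png"}
# File signatures. A JAR is a ZIP archive, hence the 'PK' magic.
MAGIC = {b"PK\x03\x04": "zip/jar", b"%PDF": "pdf", b"MZ": "pe"}


@dataclass
class Verdict:
    filename: str
    sha256: str
    final_ext: str
    decoy_ext: Optional[str]
    container: Optional[str]
    main_class: Optional[str]
    reasons: List[str] = field(default_factory=list)

    @property
    def suspicious(self) -> bool:
        return bool(self.reasons)


def split_name(filename: str) -> Tuple[str, Optional[str]]:
    """Return (final extension, decoy extension or None). The decoy is a
    document-like token right before the final extension, separated by '.',
    '-' or '_': 'invoice.pdf.jar' or 'Order 230 HOROMIDIS-pdf.jar'."""
    m = re.search(r"(?:[.\-_](?P<decoy>[a-z0-9]{2,5}))?\.(?P<final>[a-z0-9]{1,5})$",
                  filename.lower())
    if not m:
        return "", None
    decoy = m.group("decoy")
    return m.group("final"), decoy if decoy in DECOY_EXTS else None


def sniff_container(data: bytes) -> Optional[str]:
    for magic, kind in MAGIC.items():
        if data.startswith(magic):
            return kind
    return None


def jar_main_class(data: bytes) -> Optional[str]:
    """Entry point declared in META-INF/MANIFEST.MF, if the bytes are a JAR."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as z:
            if "META-INF/MANIFEST.MF" not in z.namelist():
                return None
            manifest = z.read("META-INF/MANIFEST.MF").decode("utf-8", "replace")
    except zipfile.BadZipFile:
        return None
    for line in manifest.splitlines():
        if line.lower().startswith("main-class:"):
            return line.split(":", 1)[1].strip()
    return None


def triage(filename: str, data: bytes) -> Verdict:
    final_ext, decoy = split_name(filename)
    container = sniff_container(data)
    main_class = jar_main_class(data) if container == "zip/jar" else None
    v = Verdict(filename, hashlib.sha256(data).hexdigest(), final_ext, decoy,
                container, main_class)
    if v.sha256 in KNOWN_BAD_SHA256:
        v.reasons.append("SHA256 matches a known malicious sample")
    if final_ext in EXECUTABLE_EXTS:
        v.reasons.append(f"executable attachment type .{final_ext}")
        if decoy:
            v.reasons.append(f"double extension: shown as .{decoy} but runs as .{final_ext}")
    if final_ext == "pdf" and container not in (None, "pdf"):
        v.reasons.append(f"named .pdf but content is {container}")
    if main_class:
        v.reasons.append(f"JAR manifest declares Main-Class {main_class}")
    return v


def build_sample_jar(main_class: str = "Loader") -> bytes:
    """Constructed stand-in for the attachment: a minimal JAR whose manifest
    names an entry point. It carries no bytecode, only the structure."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("META-INF/MANIFEST.MF",
                   f"Manifest-Version: 1.0\nMain-Class: {main_class}\n")
    return buf.getvalue()


if __name__ == "__main__":
    verdict = triage("Order 230 HOROMIDIS-pdf.JAR", build_sample_jar())
    print(verdict.filename, "->", "SUSPICIOUS" if verdict.suspicious else "clean")
    for reason in verdict.reasons:
        print("  -", reason)
```

The filename check alone is not enough: a gateway that only trusts extensions is exactly what the "-pdf.JAR" naming exploits, so the container sniff and manifest read are what turn "looks like a PDF" into "is a runnable JAR", and the hash comparison catches the specific sample reported above even when the name is changed.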

ELISTARA version 36.49, which detects and removes it, will be available on our website from 23 March.

Regards

ms, 22-3-2017

__________

NOTE: Anyone interested in information about a SATINFO Technical Support contract and/or a usage/update licence for its utilities, please contact info@satinfo.es
__________
