Bredolab trojan keeps on using DHL tracking emails to infect systems

MX Lab keeps intercepting Bredolab variants that use the DHL tracking story in the email.

The From address is Manager Reinaldo Pelletier <delivery@dhl-usa.com>. The name of the person is chosen randomly and can be any combination of first and last name. The subject of the email is “DHL Express Services. Please get your parcel NR.37888”. The email contains the attachment DHL_Delivery_Label_089d97c.zip with DHL_Delivery_Label_089d97c.exe. Be aware that the numbers in the filenames and subject can change randomly.

The body of the email:

Dear customer!

The courier company was not able to deliver your parcel by your address.
Cause: Error in shipping address.

You may pickup the parcel at our post office personaly!

Please attention!
The shipping label is attached to this e-mail.
Print this label to get this package at our post office.

Thank you for attention.
DHL Services.

At the time of writing, only 14 of the 41 AV engines detected the virus. VirusTotal permalink and MD5: 7e4fd271218525ea87787edd4443ffae.
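Because the numbers in the subject and file names change and AV coverage is low, a mail filter can match the structure of the lure instead of a fixed name or hash. The following is an added example, not MX Lab's code: the function names, the regular expressions generalised from the one sample above, and the list of blocked extensions are assumptions.

```python
import io
import re
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Patterns generalised from the sample in the post: the digits in the subject
# and the suffix in the file names change per message.
SUBJECT_RE = re.compile(r"DHL Express Services\. Please get your parcel NR\.\d+", re.I)
LABEL_RE = re.compile(r"^DHL_Delivery_Label_[0-9a-z]+\.(zip|exe)$", re.I)
EXECUTABLE_EXT = (".exe", ".scr", ".pif", ".com")  # assumption: extensions worth blocking


def inspect_message(raw: bytes) -> list[str]:
    """Return the reasons a raw RFC 5322 message matches the DHL lure."""
    msg = message_from_bytes(raw, policy=policy.default)
    reasons = []
    if SUBJECT_RE.search(msg.get("Subject", "")):
        reasons.append("subject matches DHL parcel lure")
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        if LABEL_RE.match(name):
            reasons.append(f"attachment name matches lure: {name}")
        if not name.lower().endswith(".zip"):
            continue
        try:
            # Open the archive in memory and list members without extracting them.
            members = zipfile.ZipFile(io.BytesIO(part.get_content())).namelist()
        except zipfile.BadZipFile:
            reasons.append(f"unreadable archive: {name}")
            continue
        for member in members:
            if member.lower().endswith(EXECUTABLE_EXT):
                reasons.append(f"executable inside archive: {member}")
    return reasons


def build_sample() -> bytes:
    """Constructed sample: headers and names from the post, harmless payload."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("DHL_Delivery_Label_089d97c.exe", b"not a real executable")
    msg = EmailMessage()
    msg["From"] = "Manager Reinaldo Pelletier <delivery@dhl-usa.com>"
    msg["Subject"] = "DHL Express Services. Please get your parcel NR.37888"
    msg.set_content("Dear customer!")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip",
                       filename="DHL_Delivery_Label_089d97c.zip")
    return msg.as_bytes()
```

The check for an executable inside a zip attachment does not depend on the DHL naming, so it still fires when the sender changes the file name or the subject.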
