Fake email DHL with subject “DHL Levering: 7TOWTQ6363338851” downloads malware


MX Lab, http://www.mxlab.eu, started to intercept a new malware distribution campaign by email with the subject “DHL Levering: 7TOWTQ6363338851”. The email includes the DHL logo, is written in Dutch and is sent to .nl domains, so it targets DHL customers in the Netherlands.

This email is sent from the spoofed address “DHL Parcel <****@*****.**>” and has the following body:

DHL

Dear Sir/Madam,

Your order is ready to be shipped and will be delivered tomorrow between 10.45 and 14.00 at number 14.

More information about your order can be found with this web code 7TOWTQ6363338851

For more information: website

Regards,

DHL Parcel department.

The embedded URL hxxp://toptiptiopee.top/trackdhl.exe downloads the file trackdhl.exe, which is 1,6 MB in size.

The malware is detected as Win32.Trojan.WisdomEyes.151026.9950.9962, HEUR/QVM03.0.0000.Malware.Gen or HW32.Packed.EC8A by 4/56 AV engines at VirusTotal, and the analysis is available on Malwr.
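The traits described above (a delivery code in the subject, a "DHL" display name, and a link that leads to an executable on a host unrelated to DHL) can be checked mechanically at the mail gateway. The following Python sketch is an added example, not MX Lab's own tooling; the code pattern is inferred from the two codes quoted on this page, and the brand allow-list, the extension list and the sample message (with placeholder host `example.invalid`) are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse
# Both codes on this page are 6 uppercase alphanumerics + 10 digits (assumed format).
CODE_RE = re.compile(r"\b[0-9A-Z]{6}[0-9]{10}\b")
EXEC_EXT = (".exe", ".scr", ".com", ".pif")            # assumed risky extensions
BRAND_DOMAINS = ("dhl.com", "dhl.nl", "dhlparcel.nl")  # assumed allow-list

class LinkCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.links = []
    def handle_starttag(self, tag, attrs):
        # The lure hides the real target behind the link text "website".
        if tag == "a":
            self.links += [v for k, v in attrs if k == "href" and v]

def on_brand_domain(host):
    """Exact or subdomain match only, so 'evildhl.com' does not pass."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in BRAND_DOMAINS)

def indicators(raw):
    """Return the campaign indicators present in one raw RFC 5322 message."""
    msg, hits = message_from_string(raw), set()
    if CODE_RE.search(msg.get("Subject", "")):
        hits.add("code-in-subject")
    claims_dhl = "dhl" in parseaddr(msg.get("From", ""))[0].lower()
    collector = LinkCollector()
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            body = part.get_payload(decode=True)
            collector.feed(body.decode(part.get_content_charset() or "utf-8", "replace"))
    for link in collector.links:
        url = urlparse(link)
        if claims_dhl and not on_brand_domain(url.hostname):
            hits.add("dhl-sender-offbrand-link")
        if url.path.lower().endswith(EXEC_EXT):
            hits.add("link-to-executable")
    return sorted(hits)

# Constructed sample modelled on the lure above; sender and host are placeholders.
SAMPLE = """From: DHL Parcel <noreply@example.invalid>
Subject: DHL Levering: 7TOWTQ6363338851
Content-Type: text/html; charset=utf-8

<p><a href="http://example.invalid/trackdhl.exe">website</a></p>
"""
```

The check keys on the display name and the link target rather than the sender address, because the page notes the address is spoofed and may therefore look legitimate.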

One thought on “Fake email DHL with subject “DHL Levering: 7TOWTQ6363338851” downloads malware”

  1. I received the similar variant below:

    Dear Sir/Madam,

    Your delivery is ready to be shipped and will be delivered as soon as possible.

    You can follow your package via the track code: 2GGWSW9547471166

    Unclear? View the : website

    Regards,

    DHLParcel.NL
