The “URGENT REQUEST FOR PRICE OFFER” and “Ürün 56787898 için sipariş” email attachments contain an exe: the malware. The stolen data is exfiltrated via SMTP and the Telegram API.
The "Purchase Order 20000963.zip" attachment contains an img file with the "New Prices List" exe inside: the malware. The stolen data is exfiltrated via SMTP.
The zip attachment of an email about a fake invoice contains an iso file with an exe inside: the malware. The stolen data is exfiltrated via SMTP to an email address.
The “854F1E97-5DBB-4A87-A566-33D9012B05E2pdf.lzh” attachment of the “MEPAS E-Arsiv Fatura” email contains an exe: the malware. The stolen data is exfiltrated via the Telegram API.
The “854F1E97-5DBB-4A87-A566-33D9012B05E2” attachment of the “MEPAS E-Arsiv Fatura” email contains an exe: the malware. The stolen data is exfiltrated via the Telegram API.