A zip attachment contains a img with an exe: the malware. The other, a pdf downloading a zip with an exe: the same malware. The data is exfiltrated via SMTP.
Cybercrime, STRRAT campaign via fake email from Iran
STRRAT campaign via fake email from Iran. The “درخواست برای نقل قول RFQ 00772544 DCA_pdf.jar” attachment contains the malware itself
STRRAT hides inside a fake email from Iran, which it uses as a decoy RFQ.
The “درخواست برای نقل قولRFQ 00772544 DCA_pdf.jar” attachment contains the malware itself. STRRAT, aka STRATION and WAREZOV, is a family of worms that propagates using email. The goal is to create a zombie network that can be exploited to send spam or other malicious payloads.