New Order Malspam Delivering Lokibot - 2018-06-27

Timestamps:
2018-06-27T20:10:24
2018-06-27T13:35:53

Subject lines
new po

Body:
“Good morning, Thank you very much for your inquiry. Please find our quotation attached. On Group International Import And Export T:+612 9316 5966 F: +612 9316 9551 Olivetti House 140 William st East Sydney 2011 NSW Australia www.ongrp[.]com”

Attachments:

Name:
New order.pdf
New inquiry -289437.iso
New Inquiry- CVS.pdf

File size:
221624
724992
221563

MD5:
3e4426baa5ae2734919d0f28763837f4
0515c5a3eaf9bb51a8dbf50a87f6056d
eb85461e4d91167277b96eaec9e259a2

SHA1:
91e1f3b200043de95083d864c111e0e55cb38135
254aa8f66e62290b72b21a427be16d64a4ee1bba
dfe7388072dbdc490c33a0219d9032dc443ae4da

SHA256:
9edbc294af288c61e618921d157a9304f7d097ad5a4ede287a6f62120e7d4496
b89b57efe13f29dc8295822479e3fb72e9246ae193538ba9c7aa9360c745aaef
fee4d653f5b62b987af876c15036ccb18ec1c50caad7e6a7259dc8365dc114fd

SHA512:
f7c0fbf93c7f13a69595fbaf9bc38b10760f8a8e26e0a81d228bc8fc87b5820e2324610fe09c9b7c4e108b184fafeaa02d5244b793b0b2399203e802c43ee967
3bad203940a19838132489121f1dea8152a77435ee230b6b2f9a7c1827319610fd02a38bcc49a167b3897d618f499b7e038b6d0862d5aaa0da23f2db466facde
ba1abc41438b6ee1079fd27f402a8d1cafc0fe9129ef2fde364d99e355baa23b917191d616bfaf827734b8903327f9aca6f950c9b2d271354429675ea291b4fa

https://www.virustotal.com/#/file/b89b57efe13f29dc8295822479e3fb72e9246ae193538ba9c7aa9360c745aaef/detection
https://www.virustotal.com/#/file/9edbc294af288c61e618921d157a9304f7d097ad5a4ede287a6f62120e7d4496/detection
https://www.virustotal.com/#/file/fee4d653f5b62b987af876c15036ccb18ec1c50caad7e6a7259dc8365dc114fd/detection

Type:
PDF document, version 1.7
ISO 9660 CD-ROM filesystem data ‘New inquiry -289437’

Mime:
application/pdf
application/x-iso9660-image

URLs:
hxxp://bitcoiners.trade/btc/newinquiry.iso
hxxps://bitcoiners.trade/btc/New%20Order%20CVS%20-733738.pif

Downloaded/Dropped:
Name: New inquiry -289437.exe
MD5: 1e7b197ba06137b55a0f6f1b5721bf09
SHA1: a65d884b27bb37b8333daa0f6cafad651e54a3af
SHA256: 103b0f80d59e627c6f902c9779a8a7b306965228c24c0e1dbdcc6b71bf7c9fa8
File type: Win32 EXE
File size: 648000

Name: New%20Order%20CVS%20-733738.pif
MD5: 5626736fd91f3af6d229de5164e88fe5
SHA1: 6ca52fa5b39420ac9085f5671a3030c8895e7d65
SHA256: 36647e1fc9a0e847f7c44259ae87f179474beb76a0d72a0b92af5a676fc6a6e7
File type: Win32 EXE
File size: 636000