New Order Malspam with ACE Attachment - 2018-05-23

The malspam email contains an ACE-compressed archive with an executable file inside.


"sender" from:
Celia Lin <hiren[.]shah@sanjeevflexipack[.]com>

Sender IP:
ASN: 41011
ISP: Ch-net S.r.l. / for lasthop(s):

Headers received:
from localhost (localhost [127[.]0[.]0[.]1]) by safe1a[.]securemailsystem[.]com (CubeMail) with ESMTP id 885A645241 for redacted@email; Wed, 23 May 2018 06:14:20 +0530 (IST)


Headers x-mailer:

Subject line(s):
New Order

Message Body:
“Dear Supplier, Good Day Please find our new urgent order herein attachment and follow up immediately. We look forward to receive your kind reply asap. Thank You. Have a nice day Best Regards Celia Lin, GOODWILL OCEAN ISONIC CO., LTD Address:No.117,Qianqiao Road,QingCun Town,FengXian Dist,Shanghai China”

Name: IMGPO#009147.ace
MD5: dd0eccd3847b16ee18d30c52440453e7
SHA1: 50edccd312297885e3788816ccbb36dc2be3e4e4
SHA256: bbc1bb01f7a355ec35bb7b556e9da63b8c3da51b37358f18a9b30e81440370c3
SHA512: 66a260f268bd15075a9a975dd9d77900b304d2e7b63fa5335774fd3d740a70743bc4eec1c59f5dc4a515426cff0e5cb388826e5b0279121a709ea0ae6db6b202
File type: ACE archive data version 20, from Win/32, version 20 to extract, contains AV-String (unregistered), solid
File size: 255944

Virus Total:

EXE file details:
Name: IMGPO#009147.exe
MD5: d967418b725dd46fe3125290c7a43c9d
SHA1: 829d2239f3f2cdc23e4c8849e4d9b489bdb8f743
SHA256: a6dbd44f87b85b43959822229f2350e8d200f25b4fe1d118b25b71f9ea521bda
File type: PE32 executable (GUI) Intel 80386, for MS Windows
File size: 655360

Defeating the VB5 Packer