malware_traffic

2020-11-06 (Friday) - malspam pushing Formbook

Nov 6th, 2020 (edited)
Received: from gmail.com (unknown [156.96.62.91]) by [removed] for [removed];
  Fri, 6 Nov 2020 13:29:33 +0000 (UTC)
Reply-To: fortunatodaniel.johndeere@gmail.com
From: "ART IMPEX GROUP LLP" <admin@gmail.com>
To: [removed]
Subject: RE: New Purchase Order
Date: 06 Nov 2020 05:29:28 -0800
Message-ID: <20201106052928.25D9DB79A8E2FA5A@gmail.com>
MIME-Version: 1.0
Content-Type: multipart/mixed;
  boundary="----=_NextPart_000_0012_1EF192BB.8A3242F2"
X-Recommended-Action: reject

This is a multi-part message in MIME format.

------=_NextPart_000_0012_1EF192BB.8A3242F2
Content-Type: text/html;
  charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.=
w3.org/TR/html4/loose.dtd">

<HTML xmlns:o =3D "urn:schemas-microsoft-com:office:office"><HEAD>
<META name=3DGENERATOR content=3D"MSHTML 11.00.9600.16384"></HEAD>
<body style=3D"MARGIN: 0.5em">
<P style=3D"BACKGROUND: white; MARGIN: 0cm 0cm 0pt"><STRONG><SPAN style=3D'=
FONT-FAMILY: "Comic Sans MS"; COLOR: navy'>Dear Sir/Madam,<o:p></o:p></SPAN=
></STRONG></P>
<P style=3D"BACKGROUND: white; MARGIN: 0cm 0cm 0pt"><SPAN style=3D'FONT-SIZ=
E: 6.5pt; FONT-FAMILY: "Verdana","sans-serif"; COLOR: black'><o:p>&nbsp;</o=
:p></SPAN></P>
<P style=3D"BACKGROUND: white; MARGIN: 0cm 0cm 0pt"><STRONG><SPAN style=3D'=
FONT-FAMILY: "Comic Sans MS"; COLOR: navy'>I am re-sending this email as we=
have not received any response from your&nbsp;firm regarding our pending P=
O.</SPAN></STRONG><SPAN style=3D'FONT-SIZE: 6.5pt; FONT-FAMILY: "Verdana","=
sans-serif"; COLOR: black'><o:p></o:p></SPAN></P>
<P style=3D"BACKGROUND: white; MARGIN: 0cm 0cm 0pt"><STRONG><SPAN style=3D'=
FONT-FAMILY: "Comic Sans MS"; COLOR: navy'>Please find attached NEW PURCHAS=
E ORDER.</SPAN></STRONG><SPAN style=3D'FONT-SIZE: 6.5pt; FONT-FAMILY: "Verd=
ana","sans-serif"; COLOR: black'><o:p></o:p></SPAN></P>
<P style=3D"BACKGROUND: white; MARGIN: 0cm 0cm 0pt"><STRONG><SPAN style=3D'=
FONT-FAMILY: "Comic Sans MS"; COLOR: navy'>If you have any comment regardin=
g the payment terms as mentioned, kindly notify us immediately.</SPAN></STR=
ONG><SPAN style=3D'FONT-SIZE: 6.5pt; FONT-FAMILY: "Verdana","sans-serif"; C=
OLOR: black'><o:p></o:p></SPAN></P>
<P style=3D"BACKGROUND: white; MARGIN: 0cm 0cm 0pt"><SPAN style=3D'FONT-SIZ=
E: 6.5pt; FONT-FAMILY: "Verdana","sans-serif"; COLOR: black'>&nbsp;<o:p></o=
:p></SPAN></P>
<P style=3D"BACKGROUND: white; MARGIN: 0cm 0cm 0pt"><STRONG><SPAN style=3D'=
FONT-FAMILY: "Comic Sans MS"; COLOR: navy'>Waiting for your prompt feedback=
</SPAN></STRONG><SPAN style=3D'FONT-SIZE: 6.5pt; FONT-FAMILY: "Verdana","sa=
ns-serif"; COLOR: black'><o:p></o:p></SPAN></P>
<P style=3D"BACKGROUND: white; MARGIN: 0cm 0cm 0pt"><STRONG><SPAN style=3D'=
FONT-FAMILY: "Comic Sans MS"; COLOR: navy'>Best Regards.</SPAN></STRONG><SP=
AN style=3D'FONT-SIZE: 6.5pt; FONT-FAMILY: "Verdana","sans-serif"; COLOR: b=
lack'><o:p></o:p></SPAN></P>
<P style=3D"BACKGROUND: white; MARGIN: 0cm 0cm 0pt"><STRONG><SPAN style=3D'=
FONT-FAMILY: "Comic Sans MS"; COLOR: navy'>Roman Cheremisin</SPAN></STRONG>=
<SPAN style=3D'FONT-SIZE: 6.5pt; FONT-FAMILY: "Verdana","sans-serif"; COLOR=
: black'><o:p></o:p></SPAN></P>
<P style=3D"BACKGROUND: white; MARGIN: 0cm 0cm 0pt"><SPAN style=3D'FONT-SIZ=
E: 6.5pt; FONT-FAMILY: "Verdana","sans-serif"; COLOR: black'>&nbsp;<o:p></o=
:p></SPAN></P>
<P style=3D"BACKGROUND: white; MARGIN: 0cm 0cm 0pt"><STRONG><SPAN style=3D'=
FONT-SIZE: 14pt; FONT-FAMILY: "Comic Sans MS"; BACKGROUND: white; COLOR: #9=
93300'>ART IMPEX GROUP LLP</SPAN></STRONG><SPAN style=3D'FONT-SIZE: 6.5pt; =
FONT-FAMILY: "Verdana","sans-serif"; COLOR: black'><BR></SPAN><STRONG><SPAN=
style=3D'FONT-FAMILY: "Comic Sans MS"; BACKGROUND: white; COLOR: #993300'>=
130000, Aktau, 14 microdistrict, building &#8470;7</SPAN></STRONG>
<SPAN style=3D'FONT-SIZE: 6.5pt; FONT-FAMILY: "Verdana","sans-serif"; COLOR=
: black'><BR></SPAN><STRONG><SPAN style=3D'FONT-FAMILY: "Comic Sans MS"; BA=
CKGROUND: white; COLOR: #993300'>Republic of Kazakhstan</SPAN></STRONG><SPA=
N style=3D'FONT-SIZE: 6.5pt; FONT-FAMILY: "Verdana","sans-serif"; COLOR: bl=
ack'><BR></SPAN><STRONG><SPAN style=3D'FONT-FAMILY: "Comic Sans MS"; BACKGR=
OUND: white; COLOR: #993300'>Roman.Cheremisin@artimpexx.kz</SPAN></STRONG>
<SPAN style=3D'FONT-SIZE: 6.5pt; FONT-FAMILY: "Verdana","sans-serif"; COLOR=
: black'><BR></SPAN><STRONG><SPAN style=3D'FONT-FAMILY: "Comic Sans MS"; BA=
CKGROUND: white; COLOR: #993300'>www.artimpexx.kz</SPAN></STRONG><SPAN styl=
e=3D'FONT-SIZE: 6.5pt; FONT-FAMILY: "Verdana","sans-serif"; COLOR: black'><=
o:p></o:p></SPAN></P>
<P>&nbsp;</P></BODY></HTML>
------=_NextPart_000_0012_1EF192BB.8A3242F2
Content-Type: application/octet-stream; name="New Purchase Order.gz"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="New Purchase Order.gz"

- NOTE: The attachment has been removed from this message
- Attachment SHA256 hash: f5dd8897534cc33654993055789a6935b53e1ea61ae1c78e237e4f89253b8f3e
- Extracted Formbook EXE: 4a133d999625335790a3b0846e11e45b43d8b44b000aaac9bb2379f16a06903c
- Tweet with info about this paste: https://twitter.com/malware_traffic/status/1324751772943089666

------=_NextPart_000_0012_1EF192BB.8A3242F2--
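Added triage example, not part of the original paste and not malware_traffic's tooling: a small Python script that parses a message like the one above, pulls out the header-level indicators visible in this sample (Reply-To pointing at a different mailbox than From, a HELO of gmail.com that the connecting host's rDNS does not back up, a corporate display name on a freemail address, the gateway's X-Recommended-Action verdict), then carves the .gz attachment, inflates it, checks for a PE inside and hashes both layers, which is how the two SHA256 values in the notes are obtained. The headers, boundary and attachment name are copied from the sample with the redacted fields kept as "[removed]"; the attachment bytes are a constructed stand-in (the real one was removed), so the hashes printed here will not match the IOCs above. The FREEMAIL list is an assumption kept deliberately short.

```python
"""Malspam triage helper (added example; attachment below is a constructed stand-in)."""
import base64
import email
import gzip
import hashlib
import io
import re
from email import policy
from email.utils import parseaddr

# Constructed stand-in for the removed attachment: gzip around a fake PE stub
# ("MZ" magic plus filler). It is NOT the Formbook sample from the paste.
FAKE_EXE = b"MZ" + b"\x00" * 62 + b"constructed stand-in, not Formbook"
FAKE_GZ_B64 = base64.b64encode(gzip.compress(FAKE_EXE, mtime=0)).decode()

# Headers, MIME layout and attachment name copied from the sample; redactions
# kept verbatim, HTML body shortened to the lure sentence.
SAMPLE_EML = f"""Received: from gmail.com (unknown [156.96.62.91]) by [removed] for [removed];
\tFri, 6 Nov 2020 13:29:33 +0000 (UTC)
Reply-To: fortunatodaniel.johndeere@gmail.com
From: "ART IMPEX GROUP LLP" <admin@gmail.com>
To: [removed]
Subject: RE: New Purchase Order
Date: 06 Nov 2020 05:29:28 -0800
Message-ID: <20201106052928.25D9DB79A8E2FA5A@gmail.com>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="----=_NextPart_000_0012_1EF192BB.8A3242F2"
X-Recommended-Action: reject

------=_NextPart_000_0012_1EF192BB.8A3242F2
Content-Type: text/html; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

<HTML><BODY>Please find attached NEW PURCHASE ORDER.</BODY></HTML>
------=_NextPart_000_0012_1EF192BB.8A3242F2
Content-Type: application/octet-stream; name="New Purchase Order.gz"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="New Purchase Order.gz"

{FAKE_GZ_B64}
------=_NextPart_000_0012_1EF192BB.8A3242F2--
"""

FREEMAIL = {"gmail.com", "yahoo.com", "hotmail.com", "outlook.com"}  # assumption: illustrative list
RECEIVED_RE = re.compile(r"from\s+(\S+)\s+\(([^)]*?)\s*\[(\d{1,3}(?:\.\d{1,3}){3})\]\)")


def header_indicators(msg):
    """Return [(indicator, detail)] for the header anomalies this lure shows."""
    findings = []
    display, from_addr = parseaddr(str(msg.get("From", "")))
    from_domain = from_addr.rpartition("@")[2].lower()

    reply_to = parseaddr(str(msg.get("Reply-To", "")))[1]
    if reply_to and reply_to.lower() != from_addr.lower():  # replies go elsewhere
        findings.append(("reply_to_mismatch", f"From {from_addr} but Reply-To {reply_to}"))

    if display and from_domain in FREEMAIL:  # company name, webmail mailbox
        findings.append(("freemail_with_org_display_name", f'"{display}" <{from_addr}>'))

    # HELO name not backed by the connecting host's rDNS ("unknown" here).
    # Offline heuristic only: SPF/DKIM evaluation against the IP needs DNS.
    for hop in msg.get_all("Received", []):
        m = RECEIVED_RE.search(str(hop))
        if not m:
            continue
        helo, rdns, ip = m.group(1).lower(), m.group(2).strip().lower(), m.group(3)
        helo_domain = ".".join(helo.split(".")[-2:])
        if not rdns.endswith(helo_domain):
            findings.append(("helo_rdns_mismatch", f"HELO {helo} from {ip} (rDNS: {rdns or 'none'})"))

    if str(msg.get("X-Recommended-Action", "")).strip().lower() == "reject":
        findings.append(("gateway_verdict_reject", "X-Recommended-Action: reject"))
    return findings


def inflate_gzip(blob):
    """Return the decompressed bytes if blob is a gzip stream, else None."""
    if blob[:2] != b"\x1f\x8b":
        return None
    with gzip.GzipFile(fileobj=io.BytesIO(blob)) as gz:
        return gz.read()


def is_pe(blob):
    """Cheap PE test on the DOS header magic; enough to say 'archive hides an EXE'."""
    return blob[:2] == b"MZ"


def sha256(blob):
    return hashlib.sha256(blob).hexdigest()


def triage(raw):
    """Parse a raw message: header indicators plus outer/inner attachment hashes."""
    msg = email.message_from_string(raw, policy=policy.default)
    report = {"indicators": header_indicators(msg), "attachments": []}
    for part in msg.iter_attachments():
        name, data = part.get_filename(), part.get_payload(decode=True)
        entry = {"name": name, "sha256": sha256(data), "inner": None}
        inner = inflate_gzip(data)
        if inner is not None:
            entry["inner"] = {"sha256": sha256(inner), "size": len(inner), "is_pe": is_pe(inner)}
            if is_pe(inner):
                report["indicators"].append(("archive_wraps_pe", f"{name} -> PE, {len(inner)} bytes"))
        report["attachments"].append(entry)
    return report


if __name__ == "__main__":
    result = triage(SAMPLE_EML)
    for tag, detail in result["indicators"]:
        print(f"[{tag}] {detail}")
    for att in result["attachments"]:
        print(att["name"], att["sha256"], att["inner"])
```

Run it as-is to see the five indicators and both hashes for the stand-in; to triage a real .eml, pass its contents to triage() instead of SAMPLE_EML. The rDNS check is deliberately offline and therefore weak on its own (a compromised host with matching rDNS would pass); in practice pair it with an SPF/DKIM result from the gateway, which in this sample had already decided on "reject".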