Shipping Notification Phishing Email Delivering Archive with Malware Loader

Phishing emails targeting procurement and facilities delivered a ZIP attachment named Shipping_Details_2026.zip containing an executable disguised as a PDF (Delivery_Document.exe). When executed the file injected into explorer.exe and initiated regular outbound connections to 185.38.142.60, providing actionable IOCs (sender dispatch@courier-resolution.com, archive and executable names, IP, and process injection behavior).