Please do not reply directly to this automatically generated e-mail message.

-link-in-the-email- downloads a malicious VBS script, and because it's quite late I'll just say that Hybrid Analysis* has seen it all before.

If you have any further questions regarding your invoice, please call Customer Service. Please download file containing your order information.

"This fairly generic spam leads to Locky ransomware: The basic rule is NEVER open any attachment to an email, unless you are expecting it."

Payload Security** - delivers /REjhb54 (VirusTotal ***).

an email with the subject of 'Fax from: (01242) 856225' pretending to come from Free Fax to Email.

An alternative download location is

DO NOT follow the advice they give to enable macros or enable editing to see the content.

exe file that gets renamed to hgfudf.exe and autorun (VirusTotal 18/63***).

net/picture_library/logo.png which of course is -not- an image file but a renamed.

Ref72381821.doc - Current Virus total detections 4/58*.

"An email with the subject of 'Ref: 72381821' pretending to come from Barclays Bank but actually coming from a look-a-like domain Barclays -or- Barclays with a malicious word doc attachment is today’s latest spoof of a well known company, bank or public authority delivering Trickbot banking Trojan.

SCAN_PO#: Extracts to: SCAN_PO#.exe - Current Virus total detections 23/64* Update: I am reliably informed it is nanocore RAT 1.2.2.0. All detections on VirusTotal are heuristic or generic detections but it is quite well detected.

an email with the subject of 'RFQ072017' coming from Stafford Shawn (possibly random senders) but definitely coming via Yahoo email network with a zip attachment containing a file that pretends to be a pdf file but is an.

Fake 'purchase order' SPAM - delivers malware