Malware Email: “Your Invoice # 075116” | [email protected]

Yesterday I received the suspicious email below, which had an “invoice” attached. The PDF attachment contains JavaScript that will try to launch an embedded file. Statically analysing the file: the extracted sample (adffff8a8b174bdc9f8e9d4e4ce53f7a, HJHZOOLJL.docm) is already detected by multiple engines (14/58 on VT). If the user chooses to open the file, it will be presented with…

[UPDATED] Phishing Email: [Notice]: Apple Statement account update information login to re-active

I sometimes receive email samples from users (thank you!) to analyse. This time it is an Apple phishing email asking the user to verify her Apple account (snippet below). The email appears to be coming from “94.249.236.102” using the SMTP relay of “cloud9-netdesk[.]com”. The latter seems to be using Google as registrar and it’s not live anymore: http://whois.domaintools.com/94.249.236.102 http://whois.domaintools.com/cloud9-netdesk.com


Malware Email: “BTC-e codes for pisto1wf1” / [email protected]

This morning I received the following email from “Barton Norman” ([email protected]). As the attachment is password protected with the password “qqkz6G52N6uj”, it will easily bypass most antispam filters, as the attachment can’t be scanned. The malicious sample can’t be scanned (the encrypted sample has zero VT detections: https://www.virustotal.com/en-gb/file/ab891e0185b6b488d960c1f3445378c1cee28ffe9f50845c657ab16e98f96a43/analysis/1493744207/). Once we have removed the password, it appears that…