Category Archives: Malware

Malware Email : “Your Invoice # 075116” | [email protected]

Yesterday I received the suspicious email below, which had an “invoice” attached. The PDF attachment contains JavaScript that will try to launch an embedded file. Statically analysing the file: the extracted sample (adffff8a8b174bdc9f8e9d4e4ce53f7a HJHZOOLJL.docm) is already detected by multiple engines (14/58 VT). If the user chooses to open the file, they will be presented with… Read More »

Malware Email: “BTC-e codes for pisto1wf1” / [email protected]

This morning I received the following email from “Barton Norman” ([email protected]). As the attachment is password-protected with the password “qqkz6G52N6uj”, it will easily bypass most antispam filters, as the attachments can’t be scanned. The malicious sample can’t be scanned (the encrypted sample has zero VT detections: https://www.virustotal.com/en-gb/file/ab891e0185b6b488d960c1f3445378c1cee28ffe9f50845c657ab16e98f96a43/analysis/1493744207/). Once we have removed the password, it appears that… Read More »

Malware Email: “DHL Shipment Notification : 9155702****”/”[email protected]

FROM: [email protected]<[email protected]>
Return-Path: [email protected]
SUBJECT: DHL Shipment Notification : 9155702****
DATE: Thu, 22 Oct 2015 04:20:08

Kindly review attachments for Delivery Documents relating to your DHL Package On-board.
__________________________________________________________________________
AWB Number: 9155702****
Pickup Date: 2015-10-25 11:25:00
Service: U
Pieces: 1
Cust. Ref:
Description: Shipping Documents
___________________________________
Ship From: SMA AV DEL VALLES 308 MARIANIA- TERRASSA, 08117 ES… Read More »

Malware Email: “Scanned document from MX-2600N”/”[email protected]

This fake scanned document has a malicious payload attached:

FROM: [email protected]
REPLY TO: [email protected]
SUBJECT: Scanned document from MX-2600N
DATE: Sun, 11 Oct 2015 13:59:06

Attached file is scanned document in XLS format.

The filename of the attached file is: [email protected]_20151011_160214.xls (where victimdomain.tld is the victim’s own domain)

File name: [email protected]_20151011_160214.xls
File size: 103.5 KB (105984 bytes)
MD5… Read More »