Friday, 19 December 2014

malware: fake FedEx Priority Overnight email

I've seen fake FedEx emails before...

Subject: Delivery Status Notification
From: "FedEx Priority Overnight"
 
  FedEx
 
  Dear Customer,
 
  Your parcel has arrived at December 12. Courier was unable to deliver the parcel to you.
  To receive your parcel, print this label and go to the nearest office.

  Get Shipment Label
 
  FedEx 1995-2014


Screen grab...



If you "hover" the mouse over the "Get Shipment Label" link:

 


Hmmm... doesn't seem legit at all... and you're correct, it's not.

What is interesting, if you click on the link, is that the downloaded file is named Label-, followed
by your IP location details...

e.g.

Label-Winsford-CW7.zip

Inside the above zip is: Label-Winsford-CW7.exe

All of which is designed to make the email seem legit, as they have your location and postcode!

A typical "get your location details from your IP address/browser" service can be found here: https://freegeoip.net/
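One way to flag this kind of download at a mail or web gateway, as an added example that is not part of the original post: it checks a zip for the traits described above (a Label-<place>-<postcode> name, and an executable inside carrying the same name as the archive). The regex is an assumption generalised from the single sample name shown here, the function names are hypothetical, and the sample archive is constructed in memory.

```python
import io
import re
import zipfile
from pathlib import PurePosixPath

# Assumed pattern, generalised from the one sample name on the page:
# "Label-<place>-<postcode district>", e.g. Label-Winsford-CW7
LURE_NAME = re.compile(r"^Label-[A-Za-z .'-]+-[A-Z]{1,2}\d[A-Z\d]?$")
EXEC_EXTS = {".exe", ".scr", ".com", ".pif"}


def inspect_zip(archive_name, data):
    """Return a list of reasons why this zip download looks like the lure."""
    reasons = []
    stem = PurePosixPath(archive_name).stem
    if LURE_NAME.match(stem):
        reasons.append("archive name matches Label-<place>-<postcode>")
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return reasons + ["not a readable zip"]
    with zf:
        for info in zf.infolist():
            member = PurePosixPath(info.filename)
            if member.suffix.lower() not in EXEC_EXTS:
                continue
            reasons.append(f"executable member: {info.filename}")
            if member.stem == stem:
                reasons.append("executable shares the archive's name")
            # A PE file starts with the DOS "MZ" magic whatever its extension.
            with zf.open(info) as fh:
                if fh.read(2) == b"MZ":
                    reasons.append("member has MZ (PE) header")
    return reasons


def build_sample(member_name, payload):
    """Constructed test input: an in-memory zip with one member."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member_name, payload)
    return buf.getvalue()


if __name__ == "__main__":
    lure = build_sample("Label-Winsford-CW7.exe", b"MZ" + b"\x00" * 62)
    for reason in inspect_zip("Label-Winsford-CW7.zip", lure):
        print(reason)
```

An empty list means none of the traits were seen; it does not mean the file is safe.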


I've run the file through Jotti and VirusTotal:

Hash: (94c5fb4c6c6fc1da555a909b63784e1) Jotti: [6/22]
Hash: (94c5fb4c6c6fc1da555a909b63784e1) VirusTotal: [10/56]


Generally, it seems to be: Win32/Kryptik.CTFL

Cheers,

Steve
Sanesecurity.com

