Subject: Delivery Status Notification
From: "FedEx Priority Overnight"
FedEx
Dear Customer,
Your parcel has arrived at December 12. Courier was unable to deliver the parcel to you.
To receive your parcel, print this label and go to the nearest office.
Get Shipment Label
FedEx 1995-2014
Screen grab...
If you "hover" the mouse over the "Get Shipment Label" link:
Hmmm... doesn't seem legit at all... and you're correct it's not.
What is interesting is that if you click on the link, the downloaded file is named Label-, followed by your IP location details...
e.g.
Label-Winsford-CW7.zip
Inside the above zip is: Label-Winsford-CW7.exe
All of which is designed to make the email seem legit, as they have your location and postcode!
A typical service that gets your location details from your IP address/browser can be found here: https://freegeoip.net/
I've run the file through Jotti and VirusTotal:
Hash: (94c5fb4c6c6fc1da555a909b63784e1) Jotti: [6/22]
Hash: (94c5fb4c6c6fc1da555a909b63784e1) VirusTotal: [10/56]
Generally, it seems to be: Win32/Kryptik.CTFL
Cheers,
Steve
Sanesecurity.com
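
A defender-side check for the pattern described above, as an added example that is not part of the original post: it flags a downloaded ZIP whose name follows the Label-<location> scheme and which contains an executable, especially one sharing the archive's name. The function names, the extension list and the sample archives are assumptions constructed for illustration.

```python
import io
import re
import zipfile
from pathlib import PurePosixPath

# Extensions Windows will run when double-clicked (assumed, not exhaustive).
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".js", ".vbs"}
# Lure naming from the post: "Label-" followed by location details.
LURE_NAME = re.compile(r"^Label-[A-Za-z0-9][A-Za-z0-9 _-]*$", re.IGNORECASE)


def check_attachment(filename, data):
    """Return a list of reasons the downloaded ZIP looks like this lure."""
    reasons = []
    stem = PurePosixPath(filename).stem
    if LURE_NAME.match(stem):
        reasons.append("archive name matches Label-<location> pattern")
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            members = [i.filename for i in zf.infolist() if not i.is_dir()]
    except zipfile.BadZipFile:
        return reasons + ["not a readable ZIP archive"]
    for name in members:
        path = PurePosixPath(name.replace("\\", "/"))
        if path.suffix.lower() in EXECUTABLE_EXTS:
            reasons.append(f"executable member: {name}")
            # The post's sample had Label-Winsford-CW7.exe inside
            # Label-Winsford-CW7.zip: same stem, different extension.
            if path.stem.lower() == stem.lower():
                reasons.append("executable shares the archive's name")
    return reasons


def make_zip(members):
    """Build a constructed in-memory ZIP from {name: bytes} for the demo."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in members.items():
            zf.writestr(name, content)
    return buf.getvalue()


if __name__ == "__main__":
    # Constructed samples: harmless placeholder bytes, not real malware.
    lure = make_zip({"Label-Winsford-CW7.exe": b"placeholder"})
    benign = make_zip({"label.pdf": b"%PDF-placeholder"})
    print(check_attachment("Label-Winsford-CW7.zip", lure))
    print(check_attachment("shipping.zip", benign))
```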