with a link to a website which auto-downloads a dangerous zip file:
Headers:
From: "FedEx Home Delivery" <support@fincaelsympatico.es>
X-Mailer: TWIG2.6.2
Reply-To: "FedEx Home Delivery" <support@fincaelsympatico.es>
Subject: Postal Notification
Message body:
Dear Customer,
Your parcel has arrived at December 29. Courier was unable to deliver the parcel to you.
To receive your parcel, print this label and go to the nearest office.
Get Shipment Label
Clicking on the link with a Windows system gives you a zip file (name based on IP address location)
Clicking on the link with a non-Windows system... the zip isn't downloaded...
Label-Crewe.zip
Yes, Windows 9x...
On the Windows machine, inside the zip is a Windows executable:
Label-Crewe.exe
VirusScanner Reports:
Md5 Hash: eb0e95be3e03b5616ddd388c583c52b4
VirusTotal Report : [ 9 / 56] (a variant of Win32/Kryptik.CULP)
Malwr Report
Hybrid-Analysis Report
When the exe file runs, the following location is accessed:
IP: 217.106.239.250
Port 443
Location: Russian Federation
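The indicators above can be turned into a small triage script. The following is an added example written for this page, not Sanesecurity's own tooling: it parses a message modelled on the headers quoted above, flags a display name that claims a brand whose sender domain does not match, flags the TWIG X-Mailer string, checks link hosts against the brand, and matches a sandbox result against the MD5 and the IP/port listed. The sample e-mail is constructed for the example, the link target in it is a placeholder (the post does not give the real URL), and treating fedex.com as the only legitimate FedEx sending domain is an assumption.

```python
"""Triage a suspicious e-mail against the indicators from the post above."""
import email
import email.utils
import re
from email import policy
from urllib.parse import urlparse

# Indicators of compromise copied from the post.
IOC_MD5 = {"eb0e95be3e03b5616ddd388c583c52b4"}
IOC_ADDRS = {("217.106.239.250", 443)}

# Brand keyword -> domains that brand legitimately sends from.
# Assumption for this example: fedex.com is the only legitimate domain.
BRAND_DOMAINS = {"fedex": ("fedex.com",)}

# X-Mailer fragments worth flagging; TWIG is the one seen in the post.
SUSPICIOUS_MAILERS = ("twig",)

# Constructed sample modelled on the quoted headers and body.
# The href is a placeholder; the real link is not given in the post.
SAMPLE_EML = """From: "FedEx Home Delivery" <support@fincaelsympatico.es>
Reply-To: "FedEx Home Delivery" <support@fincaelsympatico.es>
X-Mailer: TWIG2.6.2
Subject: Postal Notification
Content-Type: text/html; charset=utf-8

<p>Dear Customer,</p>
<p>Your parcel has arrived at December 29. Courier was unable to deliver the parcel to you.</p>
<p>To receive your parcel, print this label and go to the nearest office.</p>
<a href="http://example.invalid/label.php">Get Shipment Label</a>
"""


def _in_domains(domain, allowed):
    """True if domain equals, or is a subdomain of, one of the allowed domains."""
    return any(domain == d or domain.endswith("." + d) for d in allowed)


def triage_message(raw):
    """Return a list of human-readable findings for a raw RFC 5322 message."""
    msg = email.message_from_string(raw, policy=policy.default)
    findings = []

    # Display name says one brand, envelope address says another domain.
    name, addr = email.utils.parseaddr(str(msg.get("From", "")))
    sender_domain = addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""
    claimed = [b for b in BRAND_DOMAINS if b in name.lower()]
    for brand in claimed:
        if not _in_domains(sender_domain, BRAND_DOMAINS[brand]):
            findings.append(
                f"display name claims {brand!r} but sender domain is {sender_domain!r}")

    # Mailer fingerprint seen on this campaign.
    mailer = str(msg.get("X-Mailer", ""))
    if any(m in mailer.lower() for m in SUSPICIOUS_MAILERS):
        findings.append(f"suspicious X-Mailer {mailer!r}")

    # Links in the body that do not belong to the claimed brand either.
    body_part = msg.get_body(preferencelist=("html", "plain"))
    body = body_part.get_content() if body_part else ""
    for href in re.findall(r'href=["\']([^"\']+)["\']', body, flags=re.I):
        host = (urlparse(href).hostname or "").lower()
        for brand in claimed:
            if host and not _in_domains(host, BRAND_DOMAINS[brand]):
                findings.append(f"link to {host!r} does not belong to {brand!r}")
    return findings


def match_iocs(md5, connections):
    """Match a sandbox result (file MD5, list of (ip, port)) against the IOCs."""
    hits = []
    if md5.lower() in IOC_MD5:
        hits.append(f"md5 {md5.lower()} is the known Label-*.exe sample")
    for ip, port in connections:
        if (ip, int(port)) in IOC_ADDRS:
            hits.append(f"contacted known bad address {ip}:{port}")
    return hits


if __name__ == "__main__":
    for line in triage_message(SAMPLE_EML):
        print("finding:", line)
    for line in match_iocs("eb0e95be3e03b5616ddd388c583c52b4", [("217.106.239.250", 443)]):
        print("ioc:", line)
```

The brand check deliberately keys on the display name rather than the address, because that is what the recipient sees in the mail client; the same From/Reply-To pair can be added to a mail-gateway block list directly, but the display-name heuristic also catches the next sender domain the campaign rotates to.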
Best avoid this one...
Cheers,
Steve
Sanesecurity.com