with a link to a website to a dangerous zip file:
Headers:
Date: Tue, 6 Jan 2015 04:09:38 -0600
From: "Fedex" {prequelsnmj1@codywyoming24.com}
Subject: Postal Notification Service
Message body:
Dear Customer,
Your parcel has arrived at December 28. Courier was unable to deliver the parcel to you. To receive your parcel, print this label and go to the nearest office
You can see, if you hover over the "Get Shipment Label", it's going to download a zip file:
Clicking on the link with a Windows system gives you a zip file:
notification.zip
On the Windows machine, inside the zip is a Windows executable:
notification.exe
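As an added example (not part of the original post), here is a mail-gateway style check for the pattern above: a zip whose members are Windows executables, whether by file name or by the "MZ" header. The sample archive is constructed from harmless stand-in bytes, and the function names, extension list and size limit are assumptions of this example.

```python
import hashlib
import io
import zipfile

# Extensions Windows runs on double-click (partial list, chosen for this example).
EXECUTABLE_EXTENSIONS = (".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs")
MAX_MEMBER_BYTES = 50 * 1024 * 1024  # assumed limit, avoids unpacking huge members


def executable_members(zip_bytes):
    """Return (name, md5, reason) for each archive member that looks executable."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            if info.file_size > MAX_MEMBER_BYTES:
                findings.append((info.filename, None, "too-large"))
                continue
            with archive.open(info) as member:
                data = member.read()
            reasons = []
            if info.filename.lower().endswith(EXECUTABLE_EXTENSIONS):
                reasons.append("extension")
            # PE files start with the DOS "MZ" magic, whatever the file is named.
            if data[:2] == b"MZ":
                reasons.append("mz-header")
            if reasons:
                digest = hashlib.md5(data).hexdigest()  # for lookup on scanner sites
                findings.append((info.filename, digest, "+".join(reasons)))
    return findings


def build_sample_zip():
    """Constructed sample: harmless stand-in bytes, not the real download."""
    buffer = io.BytesIO()
    with zipfile.ZipFile(buffer, "w", zipfile.ZIP_DEFLATED) as archive:
        archive.writestr("notification.exe", b"MZ" + b"\x00" * 62)
        archive.writestr("label.pdf", b"MZ" + b"\x00" * 62)  # executable, renamed
        archive.writestr("readme.txt", b"plain text")
    return buffer.getvalue()


if __name__ == "__main__":
    for name, md5, reason in executable_members(build_sample_zip()):
        print(f"{name}  md5={md5}  flagged-by={reason}")
```
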
VirusScanner Reports:
Md5 Hash: 6fcf7288083e68e9315813016732f6f
VirusTotal Report: [1] (2/56 scanners report a hit)
Malwr Report
Hybrid-Analysis Report
Best avoid this one...
Cheers,
Steve
Sanesecurity.com