Tuesday, 6 January 2015

FedEx Postal Notification Service malware

FedEx Postal Notification Service malware is now arriving as an HTML email
containing a link to a website that serves a dangerous zip file:

Headers:
Date:     Tue, 6 Jan 2015 04:09:38 -0600
From:     "Fedex" {prequelsnmj1@codywyoming24.com}
Subject: Postal Notification Service
Message body:

Dear Customer,

Your parcel has arrived at December 28. Courier was unable to deliver the parcel to you.  To receive your parcel, print this label and go to the nearest office
If you hover over the "Get Shipment Label" link, you can see that it is going to download a zip file:



Clicking on the link with a Windows system gives you a zip file:

notification.zip

On the Windows machine, inside the zip is a Windows executable:
notification.exe
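
The chain described above (an HTML link label hiding a .zip download, and an executable inside the archive) can be checked for during mail triage. The Python below is an added example, not part of the original post or any Sanesecurity tooling; the `example.invalid` URL, the extension list and the stub archive are constructed assumptions.

```python
import io
import zipfile
from html.parser import HTMLParser
from urllib.parse import urlparse

RISKY_EXT = (".exe", ".scr", ".com", ".pif")  # assumption: local policy list

class LinkCollector(HTMLParser):
    """Collect (visible text, href) for every <a> in an HTML mail body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def archive_links(html_body):
    """Return (label, url) pairs whose URL path ends in .zip."""
    parser = LinkCollector()
    parser.feed(html_body)
    return [(t, h) for t, h in parser.links if urlparse(h).path.lower().endswith(".zip")]

def executable_members(zip_bytes):
    """Return zip member names with a risky extension or an 'MZ' (DOS/PE) header."""
    hits = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            magic = b""
            if not info.flag_bits & 0x1:  # encrypted members need a password
                with zf.open(info) as fh:
                    magic = fh.read(2)
            if info.filename.lower().endswith(RISKY_EXT) or magic == b"MZ":
                hits.append(info.filename)
    return hits

# Constructed samples, not the real message or payload.
SAMPLE_HTML = '<p>Dear Customer,</p><a href="http://example.invalid/dl/notification.zip">Get Shipment Label</a>'
_buf = io.BytesIO()
with zipfile.ZipFile(_buf, "w") as _z:
    _z.writestr("notification.exe", b"MZ" + b"\x00" * 62)  # stub, not a real binary
    _z.writestr("readme.txt", b"hello")
SAMPLE_ZIP = _buf.getvalue()
```

The header check also catches an executable that has been renamed inside the archive, which the extension test alone would miss.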


VirusScanner Reports:
MD5 hash:  6fcf7288083e68e9315813016732f6f
VirusTotal Report: [1] (2/56 scanners report a hit)
Malwr Report
Hybrid-Analysis Report

Best avoid this one...

Cheers,

Steve
Sanesecurity.com
