Monday, 9 February 2015

Postal Notification Service Fedex malware

The Postal Notification Service Fedex malware is now arriving as an HTML email
containing a link to a website; clicking the link downloads a dangerous EXE file.


Headers:
From:     "Fedex" {ranteras560@marketmindful2.com}
Subject: Postal Notification Service
Message body:

Dear Customer,

Your parcel has arrived at January 28. Courier was unable to deliver the parcel to you.
To receive your parcel, print this label and go to the nearest office.


Clicking the link on a Windows system downloads a dangerous EXE file:
http://skintoper.com/shipment_832748973284732847839278237.exe

MD5 Hashes:
0206d396524ffaa64103151c820ddea6  [1]

Malware Information:

VirusTotal Report [1] (hits 3/57 Virus Scanners)

Malwr Report [1]

Summary:
  • Executed a process and injected code into it, probably while unpacking
  • Installs itself for autorun at Windows startup

Hybrid Analysis Report [1]

Cheers,

Steve
Sanesecurity.com
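
A mail-triage check for the two traits this message shows, a "Fedex" display name on an unrelated sender domain and a link whose path ends in .exe, as an added example that is not part of the original post. The brand-to-domain table, the extension list and the sample message (with a placeholder link host) are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumption: illustrative table of brands and the domains they really send from.
BRAND_DOMAINS = {"fedex": {"fedex.com"}}
# Assumption: path extensions treated as directly executable on Windows.
RISKY_EXT = (".exe", ".scr", ".pif")
HREF_RE = re.compile(r'href\s*=\s*["\']([^"\']+)["\']', re.IGNORECASE)

# Constructed sample: From/Subject as reported in the post, placeholder link host.
SAMPLE = (
    'From: "Fedex" <ranteras560@marketmindful2.com>\n'
    'Subject: Postal Notification Service\n'
    'Content-Type: text/html; charset=utf-8\n'
    '\n'
    '<p>Dear Customer,</p>\n'
    '<a href="http://downloads.example/shipment_0000.exe">print this label</a>\n'
)

def triage(raw):
    """Return a list of findings for one raw RFC 5322 message."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    findings = []
    # 1. Display name claims a brand, but the address is on an unrelated domain.
    for brand, allowed in BRAND_DOMAINS.items():
        on_brand = any(domain == d or domain.endswith("." + d) for d in allowed)
        if brand in name.lower() and not on_brand:
            findings.append(f"display name claims {brand}, sender domain is {domain}")
    # 2. A link in a text part whose URL path ends in an executable extension.
    for part in msg.walk():
        if part.get_content_maintype() != "text":
            continue
        data = part.get_payload(decode=True) or b""
        body = data.decode(part.get_content_charset() or "utf-8", "replace")
        for url in HREF_RE.findall(body):
            if urlparse(url).path.lower().endswith(RISKY_EXT):
                findings.append(f"link downloads an executable: {url}")
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```

The link check reads the raw HTML part, so it still fires for recipients whose mail client renders plain text only.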

5 comments:

Anonymous said...

Thanks Steve. Had the same message but from unfulfilledl93@marketminful2.com

Anonymous said...

thanks
same from Fedex on 09.02.2015 at 04.03pm

Anonymous said...

Hi, I received the same message today but from pegginghu@marketmindful2.com. Since I sometimes use Fedex services I clicked on the link and an unavailable webpage appeared. I already ran my anti-virus, but no malware was detected. What do you recommend I do? Thanks

Anonymous said...

I received the same scam email. Received: from marketmindful2.com (unknown [89.109.42.151]) 9th Feb

My mail settings are plain text so the scammers' spoof Fedex HTML formatting does not show. Coincidentally (or not?), also received a scam telephone call from overseas from a plausible-sounding "Tom" about a 'computer problem' I was supposed to have.

Anonymous said...

Same message, sender is unadulteredf262@merketmindful2.com

Unfortunately, I clicked on the link. What should I do now?