Headers:
Subject: Al Hurst - My resume
Subject: Denver Norman - My resume
Subject: Emmett Cox - My resume
Subject: Freddie Lara - My resume
Subject: Isidro Hayden - My resume
Subject: Romeo Mayo - My resume
Subject: Van Mcknight - My resume
Message body:
Hi, my name is {random}
My resume is attached for your consideration
Sincerely,
{random}
There's a Zip file attached to the email:
Al Hurst - My resume.zip
Denver Norman - My resume.zip
Emmett Cox - My resume.zip
Freddie Lara - My resume.zip
Isidro Hayden - My resume.zip
Marty Barker - My resume.zip
Romeo Mayo - My resume.zip
Van Mcknight - My resume.zip
Inside the Zip file is a .JS file (JavaScript):
Sha256 Hashes (one example)
{random} - My resume.js
5f199d4789c5f96effddd1476c911a765455acbab723a1ac7b72e9ef715bb710 [1]
Malware Anti-Virus Reports (one example)
VirusTotal Report [1] (hits 5/57 Virus Scanners)
Malwr Report [1]
Cheers,
Steve
Sanesecurity.com
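A mail-gateway style check for the lure described in this post, as an added example that is not part of the original post: it matches the "{name} - My resume" subject and attachment naming and lists script files inside the zip without extracting them. The regex, the script-extension list and the function names are assumptions made for illustration, and the sample message is constructed.

```python
import io
import re
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Naming used by this campaign: "<First> <Last> - My resume" (assumed regex)
LURE_RE = re.compile(r"^[A-Z][a-z]+ [A-Z][a-z]+ - My resume(\.zip)?$")
# Script types Windows runs on double-click (assumed list, extend as needed)
SCRIPT_EXTS = (".js", ".jse", ".vbs", ".vbe", ".wsf", ".hta")


def scan_message(raw: bytes) -> dict:
    """Return lure indicators for one raw RFC 5322 message."""
    msg = message_from_bytes(raw, policy=policy.default)
    result = {
        "subject_match": bool(LURE_RE.match(msg["Subject"] or "")),
        "zip_name_match": False,
        "scripts_in_zip": [],
    }
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        if not name.lower().endswith(".zip"):
            continue
        result["zip_name_match"] |= bool(LURE_RE.match(name))
        try:
            with zipfile.ZipFile(io.BytesIO(part.get_payload(decode=True))) as zf:
                # Only member names are read; nothing is extracted or executed.
                result["scripts_in_zip"] += [
                    n for n in zf.namelist() if n.lower().endswith(SCRIPT_EXTS)
                ]
        except zipfile.BadZipFile:
            continue  # not a readable zip: no member listing available
    lure = result["subject_match"] or result["zip_name_match"]
    result["quarantine"] = lure and bool(result["scripts_in_zip"])
    return result


def build_sample(subject: str, zip_name: str, member: str) -> bytes:
    """Constructed test message; the archive member holds harmless text."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member, "// constructed placeholder, not malware\n")
    msg = EmailMessage()
    msg["Subject"] = subject
    msg.set_content("Hi, my name is X\nMy resume is attached for your consideration\n")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename=zip_name)
    return msg.as_bytes()
```
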
1 comment:
This scam/malware lives a second life: my_resume.zip this time contains a folder with thumbs.db and manipulated my_reume.svg which loads 123.zip from http://185.20.224.58/. I didn't dare to download the file up to now... have no VM available right now.