Sanesecurity ClamAV blog: zero hour malware, phishing and scams: Rothn-Ron RMPD#7989 Ron Miller invoice

Wednesday, 4 March 2015

Rothn-Ron RMPD#7989 Ron Miller invoice

Rothn-Ron RMPD#7989 Ron Miller invoice malware....

Headers:

From: "Rothn-Ron" {ron@bellsouth.net}
Subject: RMPD#7989 - invoices

Message body:

invoice as an attachment

Ron Miller

a/k/a : Rotn-Ron

R.M. PRODUCE DISTRIBUTORS, INC.

Phone : 561-439-5569

Fax : 561-439-8991

Attached is a Zip file:

RMPD#7989 INVOICES.zip

Inside the Zip attachment is a Windows Executable:

RMPD#7989 INVOICES.exe

Sha256 Hash:

e73daa08ae82b4e5a9b7974a4dbfc3e46525258346d73963fed319cd79656ee5 [1]

Malware Information:

VirusTotal Report [1] (hits 8/56 Virus Scanners)
Malwr Report [1]
Hybrid Analysis Report [1] [Detailed Report]

Cheers,

Steve
Sanesecurity.com

14 comments:

Anonymous said...: Just received the same from in two different email address. I.P from Brazil so there mailbox was probably hacked.; 4 March 2015 at 16:39
Anonymous said...: Also just received the exact same email.; 4 March 2015 at 16:48
Anonymous said...: I also just received the same email from ron@bellsouth.net

The body of the email is as follows:
invoice as an attachment

Ron Miller
a/k/a : Rotn-Ron

R.M. PRODUCE DISTRIBUTORS, INC.
Phone : 561-439-5569
Fax : 561-439-8991

The person also attatched a zip fileclaiming it was an invoice; 4 March 2015 at 16:54
Anonymous said...: I also just received the same email from ron@bellsouth.net

The body of the email is as follows:
invoice as an attachment

Ron Miller
a/k/a : Rotn-Ron

R.M. PRODUCE DISTRIBUTORS, INC.
Phone : 561-439-5569
Fax : 561-439-8991

The person also attatched a zip fileclaiming it was an invoice; 4 March 2015 at 16:54
Anonymous said...: Received same in Ireland. Deleted.; 4 March 2015 at 16:54
Anonymous said...: I just received 2 of these letters. Both with invoices attached. Since my company has never had any dealings with a produce company, I didn't open the attachments.; 4 March 2015 at 16:56
Anonymous said...: I just received the same thing here in BC, Canada. I have NO idea who this is so I obviously do not open these. I found this post by googling the phone number in the e-amil.; 4 March 2015 at 16:58
rfa said...: Received same email 3/4/15; 4 March 2015 at 17:06
Anonymous said...: Just received this as well. Zip file contains an executable. Obviously don't run this.; 4 March 2015 at 17:33
Anonymous said...: spam.. here in So.Cal; 4 March 2015 at 18:18
Anonymous said...: Just received it in BC. Mailscanner caught it but I searched the email to ensure I wasn't deleting a real business email. Thanks for your comments. Deleted.; 4 March 2015 at 18:37
Anonymous said...: The same,

Kaspersky pure said "virus invoices.exe"
I didn't open the file...; 5 March 2015 at 13:28
Anonymous said...: a company i work for opened the attachment and it encrypted their whole network.. I tried to use decryptcyrptolocker, but it was unable to decrypt the files. We are restoring from backup.

Backup is far more important than working AV. good luck; 5 March 2015 at 20:53
Anonymous said...: Thank you Steve for the confirmation that this is a scam. Received it at 10:20 3/4/15. I wish people would get a life!; 5 March 2015 at 21:24

Sanesecurity ClamAV blog: zero hour malware, phishing and scams

Amazon3

Pages

Amazon

Wednesday, 4 March 2015

Rothn-Ron RMPD#7989 Ron Miller invoice

14 comments: