Thursday, 12 March 2015

You have received a voice mail Voicemail Report

You have received a voice mail Voicemail Report being spammed.

These emails aren't from these companies at all , they are just being used to make the email look more genuine, ie. from a real company.
Warning: The malware in this email is reported to be downloading cryptowall 3.0

CryptoWall will encrypt your data files so they can no longer be opened. Once your file are encrypted, you will then receive instructions on how to decrypted them by paying money :(


Message Header:
From: "Voicemail Report" {no-reply@voicemail-delivery.com}
To: Subject: You have received a voice mail
Message Body:
You received a voice mail : VOICE473-355-9698.wav (22 KB)
Caller--Id: 473-355-9698
Message--Id: 89X1RK
Email-Id: hp_printer@

Download and extract to listen the message.

We have uploaded voicemail report.
Please use the following link to download your file:
----
Download voice mail
----



Microsoft Exchange Server
Link takes you to:
http://contact72.ru/etjj5z/ptlh4.php

The above site downloads a zip file:
http://thimiceramics.com/VOICE8411-263-481.zip

Inside the Zip file is a Windows Executable:
     VOICE8411-263-481.scr


Sha256 Hashes:
2328d042ec6293a85cf5beb00edd5cc0d8ff7dc5f426fe6f167e98cb87c8b376  [1]

Malware Macro document information:
VirusTotal Report [1] (hits 5/57 Virus Scanners)

Malwr Report [1]

Hybrid Analysis Report [1]
Cheers,
Steve

No comments: