Thursday, 12 March 2015

You have received a voice mail Voicemail Report

You have received a voice mail Voicemail Report being spammed.

These emails aren't from these companies at all , they are just being used to make the email look more genuine, ie. from a real company.
Warning: The malware in this email is reported to be downloading cryptowall 3.0

CryptoWall will encrypt your data files so they can no longer be opened. Once your file are encrypted, you will then receive instructions on how to decrypted them by paying money :(

Message Header:
From: "Voicemail Report" {}
To: Subject: You have received a voice mail
Message Body:
You received a voice mail : VOICE473-355-9698.wav (22 KB)
Caller--Id: 473-355-9698
Message--Id: 89X1RK
Email-Id: hp_printer@

Download and extract to listen the message.

We have uploaded voicemail report.
Please use the following link to download your file:
Download voice mail

Microsoft Exchange Server
Link takes you to:

The above site downloads a zip file:

Inside the Zip file is a Windows Executable:

Sha256 Hashes:
2328d042ec6293a85cf5beb00edd5cc0d8ff7dc5f426fe6f167e98cb87c8b376  [1]

Malware Macro document information:
VirusTotal Report [1] (hits 5/57 Virus Scanners)

Malwr Report [1]

Hybrid Analysis Report [1]

No comments: