Sanesecurity ClamAV blog: zero hour malware, phishing and scams: Voipfone Voicemail New voice message in mailbox

Wednesday, 22 April 2015

Voipfone Voicemail New voice message in mailbox

Voipfone Voicemail New voice message in mailbox email with malware zip attachment.

Headers:

From: Voipfone Voicemail {voicemail@voipfone.co.uk}
Subject: New voice message in mailbox

Message body:

You have a new voice mail message in mailbox from 08447702345 on Wednesday, April 21, 2015 at 03:52:49 AM.

To listen to the message click on the sound file attached.

Please delete messages once received or store them locally as they will be removed from our system from time to time.

You currently have 67 new messages and 4 old messages.

If you need assistance please contact support@voipfone.co.uk

Kind Regards,

Voipfone Voicemail System

Attached to the email is a Zip file:

WAV0004291.wav.zip

Inside the Zip file is a Windows Executable file (Note: filename is random)

WAV0004291.wav.exe

Sha256 Hashes:

0a760819fcd40ea9e3a42a651c201c314e7a0ecfacc611341fe3a2c9192a7683 [1]

Anti virus reports:

VirusTotal Report: [1] (Detection 2/56)
Malwr Report: [1]
Hybrid Analysis Report: [1]

Cheers,
Steve
Sanesecurity.com

5 comments:

Anonymous said...: Thank-you, good to have confirmation like this, much appreciated.; 22 April 2015 at 10:27
Anonymous said...: Yep. Information much appreciated. Thanks.; 22 April 2015 at 11:21
Anonymous said...: Yes, I've also had one of these this morning - looks like a .wav file but is a zip; 22 April 2015 at 11:41
SWY said...: Sorry, does this all mean it is NOT a genuine email? Thanks for clarification.; 22 April 2015 at 12:25
Anonymous said...: thank you - it looked fishy; 22 April 2015 at 22:25

Sanesecurity ClamAV blog: zero hour malware, phishing and scams

Amazon3

Pages

Amazon

Wednesday, 22 April 2015

Voipfone Voicemail New voice message in mailbox

5 comments: