Threat Research Lab | Fedex Delivery Malware Spreading Via Email

22nd January 2018 | By admin

Comodo threat research labs

[22 January 2018] – [FEDEX DELIVERY MALWARE] – SUBJECT: [Virginia Watson your agent FedEx]

Comodo Threat Research Labs (CTRL) identified a new phishing email that contains a link to malware and is being spread to email users under the subject “Virginia Watson your agent FedEx”.

ASSOCIATED FILES:

RAR archive of the malware: [22 January 2018] – [Fedex] – 1.20 MB (1,260,252 bytes)

  • Email : 58e008ad-d106-4b39-b0b7-b284431c57a9.eml 24.2 KB (24,877 bytes)
  • Malware Link Dropped File : PT5769058.jse 16.6 KB (17,027 bytes)
  • Dropped file : 43616563.scr 451 KB (462,336 bytes)

THE EMAIL:

[Screenshot: the phishing email]

EMAIL DATA:

Message-ID: <B04A016908DCF023FFFAB33014278273@libero.it>

From: "FEDEX SUP" <specialemichele@libero.it>

Subject: Virginia Watson your agent FedEx

Date: Tue, 16 Jan 2018 16:10:39 +0100

MIME-Version: 1.0

Content-Type: multipart/mixed; boundary="ff006fc1d4cdba0e9bc9acb44ec3"

PHISHING LINK – DROPPED FILE:

[Screenshot: the phishing link]

[Screenshot: the dropped file]

EXTRACTED FILE DETAILS FOR PT5769058.jse AND 43616563.scr:

[Screenshot: extracted file details]

File Name : PT5769058.jse 16.6 KB (17,027 bytes)
MD5 hash : 62F8FED2811A6675D19FC83B40CC13C4
SHA1 hash : 79360A0C121D0507B35BFAC920C300F0B64FA206
SHA256 hash : FF79F9B54E5086466E1B6199CA827B703CA6D43013B2040518E78A38E8EADCCF

File Name : 43616563.scr 451 KB (462,336 bytes)
MD5 hash : 7C5F85D454DA8F1EE33188E21061FE64
SHA1 hash : F02D5366866CBED4FF10D40A3C6009E810CCA7DF
SHA256 hash : B0AE2C758970798E201E8D68BC184ABAB4441F298DF3C2AC6575BAD7141C3EA8

TRAFFIC:

[Screenshot: captured network traffic]

ASSOCIATED URLS:

  No.   Time        Source        Destination    Protocol  Length  Info
  1267  89.364816   10.108.55.58  194.183.95.21  HTTP      313     GET /rn.php HTTP/1.1
  1738  96.413471   10.108.55.51  10.1.72.11     HTTP/XML  752     POST /wcs/ HTTP/1.1
  1857  117.103596  10.108.55.58  5.2.88.83      HTTP      213     POST /cele/five/fre.php HTTP/1.0
  1891  124.404294  10.108.55.58  194.183.95.21  HTTP      425     GET /rn.php HTTP/1.1
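As an added example (not Comodo's code), the following Python script parses packet-summary rows in the layout listed above (No., Time, Source, Destination, Protocol, Length, Info) and flags HTTP requests that leave RFC 1918 address space or hit one of the URI paths this report associates with the sample; the rows are embedded verbatim from the list above so the script runs offline.

```python
import ipaddress
import re
from typing import Dict, List

# Packet-summary rows exactly as listed in the report, embedded so the
# script runs without a capture file.
TRAFFIC_ROWS = """\
1267 89.364816 10.108.55.58 194.183.95.21 HTTP 313 GET /rn.php HTTP/1.1
1738 96.413471 10.108.55.51 10.1.72.11 HTTP/XML 752 POST /wcs/ HTTP/1.1
1857 117.103596 10.108.55.58 5.2.88.83 HTTP 213 POST /cele/five/fre.php HTTP/1.0
1891 124.404294 10.108.55.58 194.183.95.21 HTTP 425 GET /rn.php HTTP/1.1
"""

# URI paths the report lists for this sample's outbound traffic.
KNOWN_PATHS = {"/rn.php", "/cele/five/fre.php"}

# One summary row: frame number, time, src, dst, protocol, length, request line.
ROW_RE = re.compile(
    r"^(?P<no>\d+)\s+(?P<time>[\d.]+)\s+(?P<src>\S+)\s+(?P<dst>\S+)\s+"
    r"(?P<proto>\S+)\s+(?P<length>\d+)\s+(?P<method>[A-Z]+)\s+(?P<path>\S+)\s+HTTP/\S+$"
)


def parse_rows(text: str) -> List[Dict[str, str]]:
    """Parse summary rows; lines that do not match the layout are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW_RE.match(line.strip())
        if m:
            rows.append(m.groupdict())
    return rows


def flag_suspicious(rows: List[Dict[str, str]]) -> List[Dict[str, object]]:
    """Return rows whose destination is outside RFC 1918 space or whose
    request path matches a known indicator, annotated with the reason."""
    hits = []
    for r in rows:
        external = not ipaddress.ip_address(r["dst"]).is_private
        known = r["path"] in KNOWN_PATHS
        if external or known:
            hits.append({**r, "external": external, "known_path": known})
    return hits


if __name__ == "__main__":
    for hit in flag_suspicious(parse_rows(TRAFFIC_ROWS)):
        print(hit["no"], hit["src"], "->", hit["dst"], hit["method"], hit["path"])
```

Run against a real proxy or capture export, the same two checks separate the sandbox-internal POST /wcs/ row from the three requests that actually reached the attacker-controlled hosts.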

VALKYRIE FOR REFERENCE:

https://valkyrie.comodo.com/get_info?sha1=f02d5366866cbed4ff10d40a3c6009e810cca7df

FINAL NOTES:

Once again, here are the associated files:

ASSOCIATED FILES:

RAR archive of the malware: [22 January 2018] – [Fedex] – 1.20 MB (1,260,252 bytes)

  • Email : 58e008ad-d106-4b39-b0b7-b284431c57a9.eml 24.2 KB (24,877 bytes)
  • Malware Link Dropped File : PT5769058.jse 16.6 KB (17,027 bytes)
  • Dropped file : 43616563.scr 451 KB (462,336 bytes)
