Sponsored by..

Monday, 8 September 2014

"PAYMENT SLIP" spam comes with an encrypted .7z archive

This spam comes with a malicious attachment:

From:     daniel mo [danielweiche002@gmail.com]
Subject:     PAYMENT SLIP
Signed by:     gmail.com

Thanks for your last message,

We remitted 30% prepayment today amounting to 51,300USD against your invoice INV332831 as was agreed with you by our purchasing agent. Please check the attached invoice and the payment slip and correspond your account information. You will receive payment in your account after a few days.

Please confirm the receipt  below,
kindly use this password {121212} to view attachment for our payment slip;
Accounts Assistant
Zenia Singapore Pte Ltd
In order to deal with the attachment new order.7z, you'll need something capable of dealing with .7z files (e.g. 7-Zip). Inside the archive is a malicious executable new order.scr which has a VirusTotal detection rate of 5/54. I have not been able to analyse the malware any further than this.

No comments: