Sponsored by..

Thursday, 6 August 2015

Malware spam: "Voice message from 07773403290" / ""tel: 07773403290" [non-mail-user@voiplicity.co.uk]"

This fake voicemail spam comes with a malicious attachment:

From     "tel: 07773403290" [non-mail-user@voiplicity.co.uk]
Date     Thu, 06 Aug 2015 11:54:43 +0300
Subject     RE: Voice message from 07773403290
I was not able to determine if there was any body text from my sample collector, however each sample had an identical attachment message_01983527496.wav.zip which contains a malicious executable message_01983527496.exe. This has a VirusTotal detection rate of 5/55 and automated analysis tools [1] [2] show it POSTing to:


This is hosted on a RU-Center IP address of in Russia. Furthmore, a malicious executable is downloaded from the following locations:


In turn, this has a detection rate of 2/55 and automated analysis of this [1] [2] show that it phones home to (Web Hosting Solutions, Estonia).

The payload is unclear at this point, but you can guarantee that it will be nothing good.

Recommended blocklist:


1 comment:

George Smith said...

Literally got this email today