From: Brittany QuinnThe sender's name varies from email to email, as does the name of the attachment but it in a format similar to SCAN_PRICES_01106759.zip. Contained within is a malicious obfuscated Javascript with a detection rate of 6/54 which is a bit clear when deobfuscated, and it downloads from:
Date: 17 December 2015 at 10:52
Subject: Required your attention
Dear Partner,
As per your request, we have made special prices for you, which leave us only a very small margin.
Kindly find attached the prices with your personal discount, and if you need anything else, don’t hesitate to contact us.
Our best wishes, The sales team
whatdidyaysay.com/97.exe?1
iamthewinnerhere.com/97.exe?1
This has a detection rate of 3/53. Automated analysis is inconclusive [1] [2] but this is Teslacrypt and is likely to be similar in characteristics to this spam run.
No comments:
Post a Comment