
Wednesday, 17 February 2016

Malware spam: tracking documents / cmsharpscan@gmail.com

This fake document scan spam has a malicious attachment:

From:    cmsharpscan3589@gmail.com
Date:    17 February 2016 at 14:32
Subject:    tracking documents

Reply to: cmsharpscan@gmail.com [cmsharpscan@gmail.com]
Device Name: Not Set
Device Model: MX-2640N
Location: Not Set

File Format: DOC (Medium)
Resolution: 200dpi x 200dpi

Attached file is scanned image in DOC format.

I have only seen a single sample of this with an attachment cmsharpscan@gmail.com_20160217_132046.docm which has a VirusTotal detection rate of 7/54. According to the Malwr analysis of the document, the payload is the Locky ransomware and is identical to the earlier attack described here.
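
As an added example (not part of the original post, and not any mail filter's own code), here is a mail-side check for the two traits visible in this sample: a From address that differs from the "Reply to:" line of the scanner template, and a scan-style attachment name with a macro-enabled extension. The function names, the `build_sample` helper and the placeholder attachment bytes are constructed for illustration.

```python
import re
from email import message_from_string, policy
from email.message import EmailMessage
from email.utils import parseaddr

# Attachment named <address>_<YYYYMMDD>_<HHMMSS>.<ext>, as in the sample above.
SCAN_NAME = re.compile(r"^[^@\s]+@[^@\s]+_\d{8}_\d{6}\.(\w+)$")
MACRO_EXTS = {"docm", "dotm", "xlsm", "pptm"}  # macro-enabled Office formats

def fake_scan_indicators(raw):
    """Return the reasons a raw message resembles this fake-scan lure."""
    msg = message_from_string(raw, policy=policy.default)
    part = msg.get_body(preferencelist=("plain",))
    body = part.get_content() if part else ""
    reasons = []
    # Weak signal: the From address is not the "Reply to:" address in the template.
    sender = parseaddr(str(msg["From"] or ""))[1].lower()
    reply = re.search(r"Reply to:\s*(\S+@\S+)", body)
    if reply and reply.group(1).lower() != sender:
        reasons.append("From differs from Reply-to in body")
    # Strong signal: scan-to-email output has no reason to be a macro-enabled document.
    for att in msg.iter_attachments():
        name = att.get_filename() or ""
        match = SCAN_NAME.match(name)
        if match and match.group(1).lower() in MACRO_EXTS:
            reasons.append("macro-enabled scan attachment: " + name)
    return reasons

def build_sample(sender, reply_to, attachment_name):
    """Constructed test message in the scanner-template layout (placeholder bytes)."""
    m = EmailMessage()
    m["From"] = sender
    m["Subject"] = "tracking documents"
    m.set_content(f"Reply to: {reply_to} [{reply_to}]\nDevice Model: MX-2640N\n"
                  "File Format: DOC (Medium)\n")
    m.add_attachment(b"placeholder", maintype="application",
                     subtype="octet-stream", filename=attachment_name)
    return m.as_string()

if __name__ == "__main__":
    lure = build_sample("cmsharpscan3589@gmail.com", "cmsharpscan@gmail.com",
                        "cmsharpscan@gmail.com_20160217_132046.docm")
    print(fake_scan_indicators(lure))
```
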

1 comment:

Dávid Müller said...

Other hosts the variants are trying to download the binary from:

blitz174.ru /system/smsgate/7623dh3f.exe?.7055475
gorb82.myjino.ru /system/logs/7623dh3f.exe?.7055475
terem37.ru /system/logs/7623dh3f.exe?.7055475
feestineendoos.nl /system/logs/7623dh3f.exe?.7055475
electro-cablaj.ro /system/logs/7623dh3f.exe?.7055475
wmodam.com /system/logs/7623dh3f.exe?.7055475
nadeenk.sa /system/logs/7623dh3f.exe?.7055475
accesorios .nuestroservidor.es/system/logs/7623dh3f.exe?.7055475
olvikt.freedomain.thehost.com.ua /admin/js/7623dh3f.exe?.7055475