
Tuesday 15 October 2013

USPS spam / Label_ZFRLOADD5PGGZ0Z_USPS.zip

This fake USPS spam has a malicious attachment:

Date:      Tue, 15 Oct 2013 09:36:02 -0500 [10:36:02 EDT]
From:      USPS Express Services [service-notification@usps.com]
Subject:      USPS - Missed package delivery

Notification

Our company's courier couldn't make the delivery of package.

REASON: Postal code contains an error.
DELIVERY STATUS: Sort Order
SERVICE: One-day Shipping
NUMBER OF YOUR PARCEL: USPSZFRLOADD5PGGZ0Z
FEATURES: No

Label is enclosed to the letter.
Print a label and show it at your post office.

An additional information:

You can find the information about the procedure and conditions of parcels keeping in the nearest office.

Thank you for using our services.
USPS Global.

*** This is an automatically generated email, please do not reply ***

CONFIDENTIALITY NOTICE:
This electronic mail transmission and any attached files contain information intended for the exclusive use of the individual or entity to whom it is addressed and may contain information belonging to the sender (USPS , Inc.) that is proprietary, privileged, confidential and/or protected from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any viewing, copying, disclosure or distributions of this electronic message are violations of federal law. Please notify the sender of any unintended recipients and delete the original message without making any copies.  Thank You

The attachment, Label_ZFRLOADD5PGGZ0Z_USPS.zip, contains a malicious executable, Label_101513_USPS.exe (note the date encoded into the filename).

VirusTotal shows just 4/46 vendors detect it at present. Automated analysis [1] [2] [3] shows an attempted communication with traderstruthrevealed.com on 103.8.27.82 (SKSA Technology, Malaysia).

There is also another email using this format with the same payload.

Recommended blocklist:
103.8.27.82
traderstruthrevealed.com
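
An added example, not part of the original post: a mail-gateway style check in Python that lists the members of ZIP attachments without extracting them, flags executables, and recovers the date from names shaped like Label_101513_USPS.exe. The MMDDYY reading of the filename, the extension list, and the names scan_message and build_sample are assumptions; the sample message is constructed and carries placeholder bytes only.

```python
import io
import re
import zipfile
from datetime import datetime
from email import message_from_bytes, policy
from email.message import EmailMessage

EXEC_EXT = (".exe", ".scr", ".pif", ".com")  # assumed list of risky extensions
# Member name shape described in the post: Label_101513_USPS.exe (assumed MMDDYY)
DATED = re.compile(r"^Label_(\d{6})_USPS\.exe$", re.I)

def scan_message(raw: bytes):
    """Return one finding per executable found inside a ZIP attachment."""
    findings = []
    msg = message_from_bytes(raw, policy=policy.default)
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        data = part.get_payload(decode=True) or b""
        if not zipfile.is_zipfile(io.BytesIO(data)):
            continue
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for member in zf.namelist():  # names only; nothing is extracted
                if not member.lower().endswith(EXEC_EXT):
                    continue
                m = DATED.match(member.rsplit("/", 1)[-1])
                date = None
                if m:
                    try:
                        date = datetime.strptime(m.group(1), "%m%d%y").date().isoformat()
                    except ValueError:  # six digits that are not a valid date
                        pass
                findings.append({"attachment": name, "member": member, "campaign_date": date})
    return findings

def build_sample() -> bytes:
    """Constructed test message; the ZIP member holds placeholder bytes, not malware."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Label_101513_USPS.exe", b"placeholder")
    msg = EmailMessage()
    msg["From"] = "USPS Express Services <service-notification@usps.com>"
    msg["Subject"] = "USPS - Missed package delivery"
    msg.set_content("Label is enclosed to the letter.")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip",
                       filename="Label_ZFRLOADD5PGGZ0Z_USPS.zip")
    return msg.as_bytes()

if __name__ == "__main__":
    print(scan_message(build_sample()))
```

The check matches on archive contents rather than the outer attachment name, so it still fires when the ZIP filename changes between messages.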
