From: Microsoft Outlook [no-reply@victimdomain]The link downloads a file VOICE-864169741-28641.zip which in turn contains a malicious executable VOICE-864169741-28641.scr which has a VirusTotal detection rate of 4/52. Automated analysis [1] [2] [3] [4] indicates that it downloads files from the following domains:
Date: 10 June 2014 15:05
Subject: You have received a voice mail
You received a voice mail : VOICE437-349-3989.wav (29 KB)
Caller-Id: 437-349-3989
Message-Id: U7C7CI
Email-Id: [redacted]
Download and extract the attachment to listen the message.
We have uploaded fax report on dropbox, please use the following link to download your file:
https://www.dropbox.com/meta_dl/eyJzdWJfcGF0aCI6ICIiLCAidGVzdF9saW5rIjogZmFsc2UsICJzZXJ2ZXIiOiAiZGwuZHJvcGJveHVzZXJjb250ZW50LmNvbSIsICJpdGVtX2lkIjogbnVsbCwgImlzX2RpciI6IGZhbHNlLCAidGtleSI6ICIxeWEwMGx3enQ1aWdpOXEifQ/AANABss7_JqczoocZG5p_SjA659fq_BNbEs6hyC4CqDuBA?dl=1
Sent by Microsoft Exchange Server
newsbrontima.com
yaroshwelcome.com
granatebit.com
teromasla.com
rearbeab.com
1 comment:
Dropbox phishing: Cryptowall, Bitcoins, and You
- http://phishme.com/inside-look-dropbox-phishing-cryptowall-bitcoins/#update
Updated June 10 - "... the attackers have changed their tactics... the email is disguised as a voicemail notification..."
- http://phishme.com/beware-phishing-emails-using-dropbox-links/
June 2, 2014
.
Post a Comment