Tuesday, 1 September 2015

Malware spam: "Complaint of your Internet activity"

This spam comes with a malicious attachment:

From:    Margret Kuhic
Date:    1 September 2015 at 16:10
Subject:    Complaint of your Internet activity

This is a complaint notification. Full details attached. Please notify us within 24 hours with taken actions.

Margret Kuhic
Dynamic Communications Agent
T: 1-679-732-5379
F: 100.173.9045

All the samples I have seen have a corrupt attachment which is Base 64 encoded; it is possible that other people might receive a valid attachment though. The attachment was meant to be 723296788_Marquardt-Bailey_Margret Kuhic.zip containing the malicious executable june_stiedemannmolestiae.et.exe which has a VirusTotal detection rate of 2/56.

This Hybrid Analysis report shows it to be just another variant of Upatre / Dyre with the same characteristics as the malspam seen earlier today, sending traffic to an IP that I suggest you block or monitor:

197.149.90.166 (Cobranet, Nigeria)

Some other subjects spotted include:
Complaint notification 50646
Infringement of your Internet activity
Infringement notification 51494
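
For mail triage, the following is an added example (not part of the original post) that flags messages whose subject matches the shapes listed above and inspects .zip attachments without extracting them, separating a corrupt attachment from a readable zip that holds an .exe. The function names and the test messages are constructed for illustration, and the assumption that the trailing number in the subject varies goes beyond the two values shown here.

```python
import email
import io
import re
import zipfile
from email import policy
from email.message import EmailMessage

# Subject shapes listed in this post; the trailing number is assumed to vary.
SUBJECT_RE = re.compile(
    r"^(Complaint|Infringement) (of your Internet activity|notification \d+)$")


def triage(raw: bytes) -> dict:
    """Flag campaign-style subjects and inspect .zip attachments without extracting them."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    report = {"subject_match": bool(SUBJECT_RE.match(str(msg["Subject"] or "").strip())),
              "corrupt_zip": [], "exe_in_zip": []}
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        if not name.lower().endswith(".zip"):
            continue
        data = part.get_payload(decode=True) or b""  # undo the Base64 transfer encoding
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                members = zf.namelist()  # read member names only, never extract
        except zipfile.BadZipFile:
            report["corrupt_zip"].append(name)  # attachment does not parse as a zip
            continue
        report["exe_in_zip"] += [(name, m) for m in members if m.lower().endswith(".exe")]
    return report


def build_sample(subject: str, zip_bytes: bytes) -> bytes:
    """Constructed test message (not a real sample from the campaign)."""
    msg = EmailMessage()
    msg["Subject"] = subject
    msg.set_content("This is a complaint notification. Full details attached.")
    msg.add_attachment(zip_bytes, maintype="application", subtype="zip",
                       filename="constructed_sample.zip")
    return bytes(msg)


def harmless_zip() -> bytes:
    """In-memory zip holding a text placeholder named like an executable."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("placeholder.exe", "harmless placeholder text")
    return buf.getvalue()


if __name__ == "__main__":
    good = harmless_zip()
    print(triage(build_sample("Complaint notification 50646", good)))
    print(triage(build_sample("Infringement of your Internet activity", good[:20])))
```

A message that lands in `corrupt_zip` with a matching subject is still worth quarantining, since other recipients may have received a working copy of the same attachment.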


1 comment:

Robin Gurl said...

I have received two emails today from Corrine Greenholt with the following message:

This is a complaint notification. Full details attached. Please notify us within 24 hours with taken actions.

Corrine Greenholt
Central Paradigm Technician
T: (855) 975-8147
F: 427.877.5342


and the following attachment:
Untitled Attachment 00232.zip (24 kb)

I haven't opened it because I feared it was a Virus/Malware and it looks like I was right.

Glad I found your post,

Thanks
Robin Gurl