Sponsored by..

Tuesday 6 October 2015

Malware spam: "...has sent you a file via WeTransfer"

This fake "WeTransfer" spam comes with a malicious payload.


info@ucaqld.com.au has sent you a file via WeTransfer
1 message

WeTransfer 6 October 2015 at 13:36
To: [redacted]
info@ucaqld.com.au
sent you some files
‘Hey Nicole,
I have given you these federal reminder

Many thanks

Stacey'
Download
Files (101 KB total)
Document.doc
Will be deleted on
07 Oct, 2015
Get more out of WeTransfer, get Plus
About WeTransfer Contact= Legal Powered by Amazon Web Services

In this case, the malicious link is actually at..

storage-hipaa-2.sharefile.com/download.ashx?dt=dt3b07281f2b9440708a4b8a411e2f0e18&h=WAOCUIfIJJIYoHSVimogW83t4TXwSsltx0MYcStbmyQ%3d

The attachment is malicious in nature, but analysis is still pending. In the meantime, here is an initial Hybrid Analysis report.

1 comment:

PC.Tech said...

> https://www.virustotal.com/en/domain/storage-hipaa-2.sharefile.com/information/
"... This domain has been seen to resolve to the following IP addresses.
2015-06-08 54.208.209.126"
54.208.209.126: https://www.virustotal.com/en/ip-address/54.208.209.126/information/
.