Tuesday, 6 October 2015

Malware spam: "...has sent you a file via WeTransfer"

This fake "WeTransfer" spam comes with a malicious payload.


info@ucaqld.com.au has sent you a file via WeTransfer
1 message

WeTransfer 6 October 2015 at 13:36
To: [redacted]
info@ucaqld.com.au
sent you some files
‘Hey Nicole,
I have given you these federal reminder

Many thanks

Stacey'
Download
Files (101 KB total)
Document.doc
Will be deleted on
07 Oct, 2015
Get more out of WeTransfer, get Plus
About WeTransfer Contact Legal Powered by Amazon Web Services

In this case, the malicious link is actually at:

storage-hipaa-2.sharefile.com/download.ashx?dt=dt3b07281f2b9440708a4b8a411e2f0e18&h=WAOCUIfIJJIYoHSVimogW83t4TXwSsltx0MYcStbmyQ%3d

The attachment is malicious in nature, but analysis is still pending. In the meantime, here is an initial Hybrid Analysis report.
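
The mismatch seen here, a message branded as WeTransfer whose download link points at a sharefile.com host, can be checked mechanically in a mail filter. The following is an added example, not code from the original post; the brand allow-list (`BRAND_DOMAINS`), the function names and the sample HTML body are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: domains the claimed brand legitimately links to.
BRAND_DOMAINS = {"wetransfer": ("wetransfer.com", "we.tl")}

class LinkCollector(HTMLParser):
    """Collect href targets of <a> tags from an HTML mail body."""
    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]

def host_in_domain(host, domain):
    """True if host is the domain itself or a subdomain of it."""
    host = host.lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def mismatched_links(subject, html_body):
    """Return link hosts that fall outside the brand named in the subject."""
    claimed = [b for b in BRAND_DOMAINS if b in subject.lower()]
    if not claimed:
        return []
    allowed = [d for b in claimed for d in BRAND_DOMAINS[b]]
    parser = LinkCollector()
    parser.feed(html_body)
    flagged = []
    for href in parser.hrefs:
        parts = urlsplit(href)
        if parts.scheme not in ("http", "https") or not parts.hostname:
            continue
        if not any(host_in_domain(parts.hostname, d) for d in allowed):
            flagged.append(parts.hostname)
    return flagged

# Constructed sample modelled on the message above; query string omitted.
SUBJECT = "info@ucaqld.com.au has sent you a file via WeTransfer"
BODY = """<p>sent you some files</p>
<a href="https://storage-hipaa-2.sharefile.com/download.ashx">Download</a>
<a href="https://wetransfer.com/plus">Get more out of WeTransfer, get Plus</a>
<a href="https://wetransfer.com.example.net/legal">Legal</a>"""

if __name__ == "__main__":
    for host in mismatched_links(SUBJECT, BODY):
        print("link host outside claimed brand:", host)
```

The third constructed link shows why the comparison is done on the domain suffix rather than by substring: a host that merely starts with `wetransfer.com` is still flagged.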

1 comment:

PC.Tech said...

> https://www.virustotal.com/en/domain/storage-hipaa-2.sharefile.com/information/
"... This domain has been seen to resolve to the following IP addresses.
2015-06-08 54.208.209.126"
54.208.209.126: https://www.virustotal.com/en/ip-address/54.208.209.126/information/