Dynamoo's Blog: Malware spam: "James Wheatley sent you an document file!" / wheatjam@gmail.com

Thursday, 17 December 2015

Malware spam: "James Wheatley sent you an document file!" / wheatjam@gmail.com

Poor old James Wheatley is a real person who must have pissed off some Russians somewhere (perhaps it is a Joe Job). This fake WhatsApp spam in his name has a malicious attachment.

From:    James Wheatley [wheatjam@gmail.com]
Date:    17 December 2015 at 09:50
Subject:    James Wheatley sent you an document file!

---
---
Sent by WhatsApp

There seem to be a few variants of the attachment, these have a detection rate of about 4/55 [1] [2] and analysis of those two examples [3] [4] download a malicious binary from:

www.nz77.de/65dfg77/kmn653.exe
old.durchgegorene-weine.de/65dfg77/kmn653.exe

This payload is the same as the one found in this spam run earlier today.

2 comments:

Unknown said...: Wow that's spooky, Just Googled James Wheatley's email address as I was obviously suspicious and first result is your blog. Hope you and the family are well Regards, Mike W (Avantime); 21 December 2015 at 10:00
Conrad Longmore said...: :)
If they wanted to target us they should send out an email with "free Avantime centre caps" in the subject..; 22 December 2015 at 16:07

Dynamoo's Blog

Link List

Sponsored by..

Thursday, 17 December 2015

Malware spam: "James Wheatley sent you an document file!" / wheatjam@gmail.com

2 comments: