Dynamoo's Blog: Malware spam: "Scanned image" / "Image data in PDF format has been attached to this email."

Friday, 11 March 2016

Malware spam: "Scanned image" / "Image data in PDF format has been attached to this email."

This fake document scan leads to malware. It appears to come from within the victim's own domain, but this is a trivial forgery.

From:    admin [lands375@victimdomain.tld]
Date:    11 March 2016 at 09:02
Subject:    Scanned image

Image data in PDF format has been attached to this email.

Attached is a document named in a similar format to 11-03-2016-6440705503.zip which contains a randomly-named malicious script. So far I have seen three versions of this script (VirusTotal results [1] [2] [3]) which according to the Malwr reports [4] [5] [6] download a malicious binary from:

ghayatv.com/system/logs/uy78hn654e.exe

This is Locky ransomware, the same as dropped in this other spam run - that post also contains a list of C2s to block.

Dynamoo's Blog

Link List

Sponsored by..

Friday, 11 March 2016

Malware spam: "Scanned image" / "Image data in PDF format has been attached to this email."

No comments: