Subject: [PBX]: New message 46 in mailbox 461 from "460GOFEDEX" <8476446077>
From: "Voicemail Service" [pbx@local]
Date: Tue, August 22, 2017 10:37 am
To: "Evelyn Medina"
Priority: Normal
Dear user:
just wanted to let you know you were just left a 0:53 long message (number 46)
in mailbox 461 from "460GOFEDEX" <8476446077>, on Tue, 22 Aug 2017 17:37:58 +0800
so you might want to check it when you get a chance. Thanks!
--Voicemail Service
The numbers and details vary from message to message, but the format is always the same. Attached is a RAR file with a name similar to msg0631.rar, which contains a malicious script named msg6355.js that looks like this [pastebin]. The script has a VirusTotal detection rate of 14/59.
According to automated analysis [1] [2] the script reaches out to the following URLs:
5.196.99.239/imageload.cgi [5.196.99.239 - OVH, Ireland / Just Hosting, Russia. Hostname: noproblem.one]
garage-fiat.be/jbfr387??qycOuKnvn=qycOuKnvn [91.234.195.48 - Ligne Web Services, France]
A ransomware component is dropped (probably Locky) with a detection rate of 16/64.
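Because the format stays fixed while the numbers change, the message can be matched on its structure (subject wording, the pbx@local sender, an msgNNNN.rar attachment) rather than on any single value. The following is an added example, not code from the original post; the patterns are generalised from the one sample shown above, and the function names and test messages are constructed for illustration.

```python
import re
from email import message_from_string
from email.message import EmailMessage
from email.utils import parseaddr

# Patterns generalised from the one sample in the post (assumptions, not confirmed IoCs).
SUBJECT_RE = re.compile(r'^\[PBX\]: New message \d+ in mailbox \d+ from ".*" <\d+>$')
ATTACH_RE = re.compile(r"^msg\d+\.rar$", re.IGNORECASE)
SENDER = "pbx@local"

def campaign_traits(raw):
    """Return which traits of the described format appear in one raw message."""
    msg = message_from_string(raw)
    hits = []
    subject = " ".join((msg.get("Subject") or "").split())  # undo header folding
    if SUBJECT_RE.match(subject):
        hits.append("subject")
    if parseaddr(msg.get("From") or "")[1].lower() == SENDER:
        hits.append("sender")
    # walk() visits every MIME part; get_filename() reads the attachment name
    if any(ATTACH_RE.match(p.get_filename() or "") for p in msg.walk()):
        hits.append("attachment")
    return hits

def is_campaign(raw):
    """Flag on the archive name plus one header trait; a From value alone is easily varied."""
    hits = campaign_traits(raw)
    return "attachment" in hits and len(hits) >= 2

def build_sample(sender, subject, filename):
    """Build a constructed test message (not a captured email)."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = sender, "user@example.com", subject
    m.set_content("Dear user: ...")
    m.add_attachment(b"placeholder", maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_string()

if __name__ == "__main__":
    spam = build_sample('"Voicemail Service" <pbx@local>',
        '[PBX]: New message 46 in mailbox 461 from "460GOFEDEX" <8476446077>', "msg0631.rar")
    print(campaign_traits(spam), is_campaign(spam))
```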
1 comment:
How can I block messages from this sender using Microsoft Outlook? When I try to do it the usual way I get a message saying the address or domain name is not valid.