A professional malware email

TheMalwareMaster

Level 21
Thread author
Verified
Honorary Member
Top Poster
Well-known
Jan 4, 2016
1,022
mail.PNG
Hello :) just wanted to share with you this professional malware email I received last week. As you can see, it is a fake email from DHL. The sender has added a fake phone number, email and the working time of their employees to be more credible ;) . It has only two small accent errors which won't be noticed if the email is read fast. The sender is also asking the reader to "reply" in 48 hours, probably to make the user open the attachment fast and get infected. I will translate the email for you, so you will be able to better understand:
Dear customer,
you will find attached an important communication addressed to you, of which we will be looking forward not later than 48 hours. For privacy reasons, you should download the attached document.
Kind regards,
DHL Italy

TheMalwareMaster

It was a js file, this was the VirusTotal detection when I first uploaded it. Avira was also flagging the archive which contained it (HEUR detection, and probably had a cloud signature for the js file). I submitted the file to Bitdefender, Avira, Microsoft and Symantec. It appears that Microsoft and Bitdefender didn't add a signature (checked today). I decided to re-SUD the sample: https://www.virustotal.com/it/file/...f9af96482ffb86f3804e53e5/analysis/1474103184/
Here is a malware analysis for the file: https://www.hybrid-analysis.com/sam...a47f9af96482ffb86f3804e53e5?environmentId=100
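A mail-side check for the delivery pattern described in the two posts above (a script file inside an archive attached to the email), as an added example that is not part of the original thread. It assumes the archive is a ZIP, which the posts do not state; the message, addresses and file names below are constructed placeholders.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extensions that Windows Script Host / mshta run on double-click.
SCRIPT_EXTS = {".js", ".jse", ".vbs", ".vbe", ".wsf", ".wsh", ".hta"}

def _ext(name: str) -> str:
    """Last extension, lower-cased, so 'invoice.pdf.js' yields '.js'."""
    name = name.lower().rstrip(". ")
    dot = name.rfind(".")
    return name[dot:] if dot != -1 else ""

def script_attachments(raw_message: bytes):
    """Return (attachment, member) pairs for script files attached
    directly or packed inside a ZIP attachment."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        fname = part.get_filename() or ""
        data = part.get_payload(decode=True) or b""
        if _ext(fname) in SCRIPT_EXTS:
            findings.append((fname, fname))
        # Identify ZIPs by content, not by the declared name or MIME type.
        if zipfile.is_zipfile(io.BytesIO(data)):
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                for member in zf.namelist():
                    if _ext(member) in SCRIPT_EXTS:
                        findings.append((fname, member))
    return findings

def build_sample(member_name: str) -> bytes:
    """Constructed message: a harmless text file zipped under member_name."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member_name, "// constructed placeholder, not malware\n")
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = "Constructed sample"
    msg.set_content("See attachment.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="document.zip")
    return msg.as_bytes()

if __name__ == "__main__":
    print(script_attachments(build_sample("invoice.pdf.js")))
```

A non-empty result is a reason to quarantine the message before the user can open the archive, independent of whether any antivirus engine has a signature for the script yet.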

TheMalwareMaster

I still can't understand why both Microsoft and Bitdefender didn't add a signature. I submitted this last week! The file failed to execute in my VM (probably has anti-VM code)

Atlas147

Level 30
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 28, 2014
1,990
TheMalwareMaster said: "I still can't understand why both Microsoft and Bitdefender didn't add a signature. I submitted this last week! The file failed to execute in my VM (probably has anti-VM code)"

Awesome breakdown @TheMalwareMaster, I find that Avast doesn't take my samples either. I submitted confirmed malware to them a bunch of times and they rarely ever get added to the signatures.
