
Deleted Member 3a5v73x

Haven't got any nice attachments in my main inbox lately; however, I do receive quite a nice amount of questionable links which may lead to those. By the time I try them, the links are already dead. :D

 

Eddie Morra

Maybe the macromalware is just a dropper and once executed, it can download the malicious executable that would have a higher ratio on VT.
That would be a logical explanation.

Most of the time, malicious Office VBA macros will simply act as an entry to gain code execution on the machine before deploying file-less script attacks or dropping another loader on the environment. Following this, the real payload normally comes into play.
 

Eddie Morra

I can try and investigate the attachment for you if you'd like and provide some malware analysis insight. I'm a bit bored these days, it'll spice things up.

Send me the attachment download in a PM - if you don't have it, I'll use the VT link and see if I can find the sample myself.
 

ticklemefeet

Level 23
I can try and investigate the attachment for you if you'd like and provide some malware analysis insight. I'm a bit bored these days, it'll spice things up.

Send me the attachment download in a PM - if you don't have it, I'll use the VT link and see if I can find the sample myself.
You changed your nickname again? This one is easier to pronounce. The sample is still in my inbox.
 

Spawn

Administrator
Verified
Staff member
No PayPal account, so this never gets old.

Link: Complete IP Address Details for 202.194.159.244


Full of errors. Can you spot them?
We found your account has been logged with difference devices and locations, we suspect that the party is not responsible've entered your account without you knowing.
[..]
Your account has been limited because we find suspicious activity very fatal. Reviews Please immediately log into your account and fill out all the data we provide to recover your account.

 