
Thread: SPAM frauds, fakes, and other MALWARE deliveries...

  1. #40
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Fake 'account documents' SPAM

    FYI...

    Fake 'account documents' SPAM - delivers Trickbot
    - https://myonlinesecurity.co.uk/trick...-form-malspam/
    7 Dec 2017 - "... an email containing the subject of 'Your account documents' pretending to come from Companies House but actually coming from a look-a-like or typo-squatted domain <no-reply@ companieshouseform .co.uk> with a malicious word doc attachment is today’s latest spoof of a well-known company, bank or public authority delivering Trickbot banking Trojan...

    Screenshot: https://myonlinesecurity.co.uk/wp-co...ecure-form.png

    SecureForm84.doc - Current Virus total detections 3/60*| Hybrid Analysis**... This malware docx file downloads from
    http ://aperhu .com/ser0712.png which of course is -not- an image file but a renamed .exe file that gets renamed to Ejjmdejh9.exe (VirusTotal 8/68[3])...
    The alternative download location is
    http ://altarek .com/ser0712.png... Today’s example of the spoofed domain is, as usual, registered via Godaddy as registrar using privacy protection services...
    companieshouseform .co.uk hosted on numerous servers and IP addresses and sending the emails via 185.207.204.218 | 185.23.215.76 | 89.39.106.208 | All of which are based in Netherlands...
    Malware detail:
    > https://myonlinesecurity.co.uk/wp-co...m_word_doc.png
    DO NOT follow the advice they give to enable macros or enable editing to see the content..."
    * https://www.virustotal.com/en/file/2...is/1512651253/
    SecureForm6.doc

    ** https://www.hybrid-analysis.com/samp...ironmentId=100
    DNS Requests
    146.255.36.1
    143.95.252.46

    Contacted Hosts
    143.95.252.46
    146.255.36.1
    185.80.128.223
    82.146.47.221
    185.125.46.161


    [3] https://www.virustotal.com/en/file/b...is/1512647520/
    fbwnk.exe

    aperhu .com: 143.95.252.46: https://www.virustotal.com/en/ip-add...6/information/
    > https://www.virustotal.com/en/url/8a...01d0/analysis/

    altarek .com: 64.50.184.217: https://www.virustotal.com/en/ip-add...7/information/
    > https://www.virustotal.com/en/url/c1...50bb/analysis/

    Last edited by AplusWebMaster; 2017-12-07 at 16:34.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .
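
The post above notes that the `ser0712.png` download is a renamed .exe rather than an image. The following is an added example (not part of the original post or the quoted report) of a defender-side check that compares the extension in a download URL with the file's magic bytes; the host `example.invalid`, the function names and the sample bytes are constructed for illustration.

```python
import struct
from urllib.parse import urlparse
from pathlib import PurePosixPath

# Leading magic bytes for the file kinds relevant here.
MAGIC = [
    (b"\x89PNG\r\n\x1a\n", "png"),
    (b"\xff\xd8\xff", "jpeg"),
    (b"GIF8", "gif"),
    (b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1", "ole2"),   # legacy .doc/.xls
    (b"PK\x03\x04", "zip"),                          # .docx/.xlsm containers
]
# File kind each URL extension is expected to contain.
EXPECTED = {"png": "png", "jpg": "jpeg", "jpeg": "jpeg", "gif": "gif",
            "doc": "ole2", "docx": "zip", "exe": "pe", "dll": "pe"}

def is_pe(data: bytes) -> bool:
    """MZ stub whose e_lfanew (offset 0x3C) points at a 'PE\\0\\0' signature."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"

def sniff(data: bytes) -> str:
    """Return the file kind indicated by the content, or 'unknown'."""
    if is_pe(data):
        return "pe"
    for magic, kind in MAGIC:
        if data.startswith(magic):
            return kind
    return "unknown"

def check_download(url: str, body: bytes) -> dict:
    """Compare the extension in the URL path with what the bytes actually are."""
    ext = PurePosixPath(urlparse(url).path).suffix.lstrip(".").lower()
    actual = sniff(body)
    claimed = EXPECTED.get(ext, "unknown")
    return {"ext": ext, "claimed": claimed, "actual": actual,
            "mismatch": claimed != "unknown" and claimed != actual,
            "disguised_executable": actual == "pe" and claimed != "pe"}

# Constructed sample bodies (not the real payloads from the post).
FAKE_PE = b"MZ" + b"\x00" * 0x3A + struct.pack("<I", 0x40) + b"PE\x00\x00" + b"\x00" * 16
REAL_PNG = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16

if __name__ == "__main__":
    print(check_download("http://example.invalid/ser0712.png", FAKE_PE))
    print(check_download("http://example.invalid/logo.png", REAL_PNG))
```

Run against proxy or sandbox captures, a `disguised_executable` result on an image extension is the pattern described in the post.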
