Tag: PowerShell
Malspam Entitled “Invoice attched for your reference” Delivers Agent Tesla Keylogger
I recently got my hands on some malspam entitled “Invoice attched for your reference.” Below is an image of the email: The image of a PDF document links to hxxp://dropcanvas.com/ozbak/1: Dropcanvas.comĀ is a site used to transfer files between users. While not inherently malicious, file sharing sites are often abused in these types of social engineering ...
Malspam Distributing Ursnif (Gozi ISFB)
A user received malspam with a .doc attachment. Static analysis of the file showed it was a Microsoft Word 2007+ document with an embedded macro located in vbaProject.bin. The malware authors trick victims into enabling macros (Enable Content) and, to better evade sandboxes, use AutoClose to execute the macro after the file has been closed. ...
“Re: Details” Malspam Downloads CoreBot Banking Trojan
I got some malspam on 09/07/17 and decided to play around with it a bit. Below is an image of the email: The email is pretending to come from “Signa Air” and the subject is “Re: Details”. The text of the email is as follows: FYI, I sent this earlier with my regular email but ...
Malware breakdown 