Thursday, 26 March 2015

I have attached my resume My resume.zip

An "I have attached my resume" email with an attached "My resume.zip" file containing a .js file.

Headers:
Subject: Al Hurst - My resume
Subject: Denver Norman - My resume
Subject: Emmett Cox - My resume
Subject: Freddie Lara - My resume
Subject: Isidro Hayden - My resume
Subject: Romeo Mayo - My resume
Subject: Van Mcknight - My resume
Message body:
Hi, my name is{random}
My resume is attached for your consideration

Sincerely,
{random}

There's a Zip file attached to the email:
Al Hurst - My resume.zip
Denver Norman - My resume.zip
Emmett Cox - My resume.zip
Freddie Lara - My resume.zip
Isidro Hayden - My resume.zip
Marty Barker - My resume.zip
Romeo Mayo - My resume.zip
Van Mcknight - My resume.zip

Inside the Zip file is a .js file (JavaScript):
{random} - My resume.js
SHA256 hash (one example):
 5f199d4789c5f96effddd1476c911a765455acbab723a1ac7b72e9ef715bb710   [1]

Malware Anti-Virus Reports (one example)
VirusTotal Report [1] (hits 5/57 Virus Scanners)
Malwr Report [1]

Cheers,
Steve
Sanesecurity.com
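
A mail-filter check for the layout described above (a Zip attachment whose member is a script file), as an added example that is not part of the original post. The extension list and the two-word name pattern are assumptions generalised from the samples listed; the sample message is constructed and carries only a harmless placeholder script.

```python
import io
import os
import re
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumption: script types that Windows will run on double-click.
SCRIPT_EXTS = {".js", ".jse", ".vbs", ".vbe", ".wsf", ".hta"}
# Assumption: subjects follow "<First> <Last> - My resume" as in the samples.
CAMPAIGN_RE = re.compile(r"^[A-Za-z]+ [A-Za-z]+ - My resume$", re.I)


def scan_message(raw: bytes) -> dict:
    """Inspect one raw message; list script files found inside Zip attachments."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = {
        "subject_match": bool(CAMPAIGN_RE.match(str(msg["Subject"] or ""))),
        "script_members": [],   # (attachment name, member name) pairs
        "unreadable_zips": [],  # attachments named .zip that do not parse
    }
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        if not name.lower().endswith(".zip"):
            continue
        data = part.get_payload(decode=True) or b""
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                for member in zf.namelist():  # names only, nothing is extracted
                    ext = os.path.splitext(member)[1].lower()
                    if ext in SCRIPT_EXTS:
                        findings["script_members"].append((name, member))
        except zipfile.BadZipFile:
            findings["unreadable_zips"].append(name)
    return findings


def build_sample() -> bytes:
    """Constructed sample with the same layout as the emails in the post."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Al Hurst - My resume.js", "// constructed placeholder\n")
    msg = EmailMessage()
    msg["Subject"] = "Al Hurst - My resume"
    msg.set_content("Hi, my name is Al Hurst\nMy resume is attached\n")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip",
                       filename="Al Hurst - My resume.zip")
    return msg.as_bytes()
```

Any entry in script_members is reason to quarantine regardless of subject_match, since the subject and sender names change per message.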

1 comment:

Strongground said...

This scam/malware lives a second life: my_resume.zip this time contains a folder with thumbs.db and manipulated my_reume.svg which loads 123.zip from http://185.20.224.58/. I didn't dare to download the file up to now... have no VM available right now.