Wednesday, 22 April 2015

Voipfone Voicemail New voice message in mailbox

Voipfone Voicemail New voice message in mailbox email with malware zip attachment.

Headers:
From: Voipfone Voicemail {voicemail@voipfone.co.uk}
Subject: New voice message in mailbox
Message body:
You have a new voice mail message in mailbox from 08447702345 on Wednesday, April 21, 2015 at 03:52:49 AM.

To listen to the message click on the sound file attached.

Please delete messages once received or store them locally as they will be removed from our system from time to time.

You currently have 67 new messages and 4 old messages.


If you need assistance please contact support@voipfone.co.uk

Kind Regards,

Voipfone Voicemail System

Attached to the email is a Zip file:
WAV0004291.wav.zip
Inside the Zip file is a Windows Executable file (Note: filename is random)
WAV0004291.wav.exe
Sha256 Hashes:
 0a760819fcd40ea9e3a42a651c201c314e7a0ecfacc611341fe3a2c9192a7683   [1]
Anti virus reports:
VirusTotal Report: [1] (Detection 2/56)
Malwr Report: [1]
Hybrid Analysis Report: [1]

Cheers,
Steve
Sanesecurity.com

5 comments:

Anonymous said...

Thank-you, good to have confirmation like this, much appreciated.

Anonymous said...

Yep. Information much appreciated. Thanks.

Anonymous said...

Yes, I've also had one of these this morning - looks like a .wav file but is a zip

SWY said...

Sorry, does this all mean it is NOT a genuine email? Thanks for clarification.

Anonymous said...

thank you - it looked fishy