Hawkeye keylogger via fake Proforma Invoice that probably fails delivery

A marginally interesting malware campaign trying to deliver the Hawkeye Keylogger/Infostealer. The email is nothing special and is a typical fake invoice. Where the bad actor has gone wrong with this campaign is that he or she attached a .exe to the email as well as a malformed XLS spreadsheet using one of the Microsoft Equation Editor exploits (probably CVE-2017-11882). I don’t know many email servers that generally accept .exe files in an email. My mailserver quarantined all these, so I had to release a copy to investigate. Further, Outlook and almost all other modern email clients block access