New Payment Received – JS malware delivers #Dridex

Continuing with the overnight Malspam runs is yet another Dridex dropper with a long list of sites embedded inside the encrypted JavaScript file. This is an email with the subject of New Payment Received pretending to come from random senders and …

Upcoming Payment – 1 Month Notice – JS malware delivers #Dridex

An email with the subject of Upcoming Payment – 1 Month Notice pretending to come from random senders and email addresses with a zip attachment is another one from the current bot runs which downloads Dridex. In exactly the same way …

Someone Might Be Using Your Account – word doc macro malware leads to #Dridex

An email with the subject of Someone Might Be Using Your Account 022FCF [random characters] pretending to come from random names and email addresses with a malicious Word doc, rtf or a zip file attachment is another one from the current bot …

Jaypee jaypeehp@gmail.com Bill Copy – corrupt attachment

An email with the subject of Bill Copy pretending to come from Jaypee <jaypeehp@gmail.com> with a zip attachment is another one from the current bot runs which is supposed to contain malware. All copies that I have received have had a …

Refund Unsuccessful Your order has been cancelled however we are not able to proceed with the refund – JS malware

An email with the subject of Refund Unsuccessful C1CE [random characters] pretending to come from random senders with a zip attachment is another one from the current bot runs which downloads some malware, possibly Dridex banking Trojan, but might …

Certificate UPDATE pretending to come from Incoming Fax at your own email address – JS malware

An email pretending to be a notification that you need to update your webmail certificate with the subject of Certificate UPDATE pretending to come from Incoming Fax <Incoming.Fax@your own email domain> with a zip attachment is another one from the current …

Your balance and recent transaction history is attached to this mail. Please verify it – JS malware leads to Locky

An email with the subject of RE: pretending to come from random names & email addresses with a zip attachment is another one from the current bot runs which downloads Locky ransomware. This is another one that has a massive 525kb js file …

Factura: FN53105269 – JS malware downloads Locky

A Spanish language email with the subject of Factura: FN53105269 [random numbered] pretending to come from lupe59@alkain.com (random numbers after lupe) with a zip attachment is another one from the current bot runs which downloads Locky ransomware from the …

Nieuwe factuur (met automatische incasso) – JS malware delivers Locky

A Dutch language email pretending to be an invoice and Direct Debit notice with the subject of Nieuwe factuur (met automatische incasso) pretending to come from Mijndomein.nl <noreply@mijndomein.nl> with a zip attachment is another one from the current bot runs which downloads They use …