malware_mail's Diary

A record of malware emails received at my personal email address

◎9/4

Subject: Invoice INV-<6 digits> from Property Lagoon Limited for Gleneagles Equestrian Centre

From: FIRSTNAME LASTNAME <messaging-service@post.xero.com> (spoofed)

Body:

Invoice INV-<6 digits> from Property Lagoon Limited for Gleneagles Equestrian Centre Invoice INV-<6 digits> from Property Lagoon Limited
Dear customer,

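Here's invoice INV-<6 digits> for USD <3 digits>.<2 digits>.

The amount outstanding of USD <3 digits>.<2 digits>. is due on 9 Sept 2017.

View your bill online <URL link present>

The body is several lines of English text beginning as above. The URL is <domain name>/INV-00022.7z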

Attachment: Invoice INV-<6 digits>.7z

The 7z contains

INV-000853.vbs

INV-000180.vbs

and so on

https://www.virustotal.com/#/file/b26087cad77ae57aacfdc54c74dd1cbd0ffe858d944c0a299be283593ec44e5d/detection

https://www.virustotal.com/#/file/19586765c4c8466ca35677fa638da34dcfcdc830f8ef75053ba166b24ae163fb/detection