Sunday, August 24, 2008

More Paris Hilton Malware..

My inbox has several emails purportedly containing a video of Paris Hilton.
The email is a simple HTML message that contains a link to a photo (Paris), but when you click the hyperlink enticing users to view the video, it downloads an EXE file from another remote location.


An example of the email is below:

And the email body in text mode is similar to the one below:
Highlighted in red is the actual location of the executable file. You can see that the link to the photo is different from the location of the binary file.

Some of the download links are as follows:
http://patuash.yoyo.pl/video_4.exe
http://www.odakoptik.com.tr/video_3.exe
http://baupol.net/video_1.exe
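
The mismatch described above (a photo served from one host, wrapped in a hyperlink that fetches an executable from another) can be checked mechanically in an HTML mail body. The following is an added example, not code from the original post; the extension list, the names `LinkAuditor` and `find_suspicious_links`, and the sample hosts are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Extensions treated as directly executable on Windows (assumed list for this example).
EXECUTABLE_EXTS = (".exe", ".scr", ".pif", ".com", ".bat")

# Constructed sample body; hosts are placeholders, not taken from the emails.
SAMPLE_HTML = """
<html><body>
<a href="http://downloads.example.net/video_9.exe">
  <img src="http://images.example.org/paris.jpg" alt="Watch the video"></a>
<p><a href="http://images.example.org/gallery.html">More photos</a></p>
</body></html>
"""

class LinkAuditor(HTMLParser):
    """Collects each <a href> together with the <img src> values nested inside it."""
    def __init__(self):
        super().__init__()
        self.links = []       # list of {"href": str, "images": [str]}
        self._open = None     # anchor currently being parsed

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "a" and attrs.get("href"):
            self._open = {"href": attrs["href"], "images": []}
            self.links.append(self._open)
        elif tag == "img" and self._open is not None and attrs.get("src"):
            self._open["images"].append(attrs["src"])

    def handle_endtag(self, tag):
        if tag == "a":
            self._open = None

def find_suspicious_links(html):
    """Return findings for anchors whose target is an executable download."""
    auditor = LinkAuditor()
    auditor.feed(html)
    findings = []
    for link in auditor.links:
        target = urlparse(link["href"])
        if not target.path.lower().endswith(EXECUTABLE_EXTS):
            continue
        image_hosts = {urlparse(src).hostname for src in link["images"]}
        mismatch = bool(image_hosts) and target.hostname not in image_hosts
        findings.append({"href": link["href"], "host_mismatch": mismatch})
    return findings

print(find_suspicious_links(SAMPLE_HTML))
```

A finding with `host_mismatch` set to `True` matches the layout of these emails; an executable link with no mismatch is still reported so it can be reviewed.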


Example output from VT is here.
