NewsSecurity News

“Love You” Email Malspam Campaign

An Incident Storm Center (ISC) Handler published an in-depth analysis of a malspam email campaign that he encountered. The emails had subject lines about love letters and had a zip attachment with a name starting with “Love_You_”. The zip file, when uncompressed, contained a JavaScript file that, upon execution, performed several HTTP requests to download additional malicious executables.

These executables were a Monero cryptocurrency miner, Phorpiex spambot malware, and GandCrab ransomware. The Phorpiex spambot malware caused the victim host to be joined to a botnet and begin emailing out copies of the malicious zip file to additional targets. Meanwhile the victim host was infected with ransomware and leveraged to mine cryptocurrency.

Indicators of Compromise

Domains

  • slpsrgpsrhojifdij.ru
  • osheoufhusheoghuesd.ru
  • suieiusiueiuiuushgf.ru
  • www.2mmotorsport.biz
  • www.haargenau.biz
  • www.bizziniinfissi.com
  • www.holzbock.biz
  • www.fliptray.biz
  • gandcrabmfe6mnef.onion

IP

  • 92.63.197.48
  • 198.105.244.228
  • 78.46.77.98
  • 217.26.53.161
  • 74.220.215.73
  • 136.243.13.215
  • 138.201.162.99

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.