Fake Prime Express Travel statement delivers Globeimposter ransomware

Haythem Elmir

The next in the never-ending series of malware downloaders from the Necurs botnet is an email with the subject "Outstanding Statement" pretending to come from Prime Express Oldham <sales62@primeexpressuk.com> (random numbers after "sales"), delivering Globeimposter ransomware.

They use email addresses and subjects that will entice, persuade, scare or shock a recipient into reading the email and opening the attachment.

Prime Express Oldham / www.primeexpressuk.com has not been hacked or had their email or other servers compromised. They are not sending the emails to you. They are just innocent victims in exactly the same way as every recipient of these emails.

The phone number in the body of the email is random and does not belong to Prime Express Travel. Please don’t ring any of the numbers; all you will do is end up with an innocent person or company.


Customer Statement (122017_6816162).7z: Extracts to: Customer Statement (122017_51767638).js. Current VirusTotal detections: Hybrid Analysis | Anyrun Beta

This js file downloads from http://www.upperlensmagazine.com/tOldHSYW??DVTCGAtym=DVTCGAtym (VirusTotal). As usual, there will be 6 or 8 other download sites.

One of the emails looks like:

From: Prime Express Oldham <sales62@primeexpressuk.com>

Date: Fri 22/12/2017 11:01

Subject: Outstanding Statement

Attachment: Customer Statement (122017_6816162).7z

Body content:[….]
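
A mail-triage check for the traits shown in the sample above (sender pattern, subject, attachment name), written in Python as an added example that is not from the original article. The regular expressions are generalised from the single sample on this page and the function names are hypothetical. Because the From address is spoofed, the check requires the attachment-name match plus one other indicator rather than relying on the sender alone.

```python
import re
from email import message_from_string, policy
from email.message import EmailMessage
from email.utils import parseaddr

# Patterns generalised from the one sample on this page (assumption):
# "sales" + random digits at the spoofed domain, and a 7z attachment named
# "Customer Statement (<6-digit date>_<digits>).7z".
SENDER_RE = re.compile(r"^sales\d+@primeexpressuk\.com$", re.I)
ATTACH_RE = re.compile(r"^Customer Statement \(\d{6}_\d+\)\.7z$", re.I)
SUBJECT = "outstanding statement"

def campaign_indicators(raw_message: str) -> list:
    """Return which campaign traits a raw RFC 5322 message matches."""
    msg = message_from_string(raw_message, policy=policy.default)
    hits = []
    _, addr = parseaddr(str(msg.get("From", "")))
    if SENDER_RE.match(addr):
        hits.append("sender")
    if str(msg.get("Subject", "")).strip().lower() == SUBJECT:
        hits.append("subject")
    # Walk every MIME part; only the declared filename is inspected here,
    # the archive itself is not opened.
    for part in msg.walk():
        name = part.get_filename()
        if name and ATTACH_RE.match(name.strip()):
            hits.append("attachment")
            break
    return hits

def is_suspect(raw_message: str) -> bool:
    """Flag only when the attachment name matches plus one other trait."""
    hits = campaign_indicators(raw_message)
    return "attachment" in hits and len(hits) >= 2

def constructed_sample() -> str:
    """Constructed test message using the header values quoted on this page."""
    m = EmailMessage()
    m["From"] = "Prime Express Oldham <sales62@primeexpressuk.com>"
    m["Subject"] = "Outstanding Statement"
    m.set_content("(body elided)")
    m.add_attachment(b"placeholder bytes, not a real archive",
                     maintype="application", subtype="x-7z-compressed",
                     filename="Customer Statement (122017_6816162).7z")
    return m.as_string()

if __name__ == "__main__":
    print(campaign_indicators(constructed_sample()), is_suspect(constructed_sample()))
```
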

To read the original article:
