The next in the never ending series of malware downloaders from the Necurs botnet is an email with the subject of Outstanding Statement pretending to come from Prime Express Oldham <email@example.com> ( random numbers after sales) delivering Globeimposter ransomware
They use email addresses and subjects that will entice, persuade, scare or shock a recipient to read the email and open the attachment.
Prime Express Oldham / www.primeexpressuk.com has not been hacked or had their email or other servers compromised. They are not sending the emails to you. They are just innocent victims in exactly the same way as every recipient of these emails.
The phone number in the body of the email is random and does not belong to Prime Express Travel. Please don’t ring any of the numbers all you will do is end up with an innocent person or company
You can now submit suspicious sites, emails and files via our Submissions system
Customer Statement (122017_6816162).7z : Extracts to: Customer Statement (122017_51767638).js Current Virus total detections: Hybrid Analysis | Anyrun Beta |
This js file downloads from http://www.upperlensmagazine.com/tOldHSYW??DVTCGAtym=DVTCGAtym ( VirusTotal) As usual there will be 6 or 8 other download sites
One of the emails looks like:
From: Prime Express Oldham <firstname.lastname@example.org>
Date: Fri 22/12/2017 11:01
Subject: Outstanding Statement
Attachment: Customer Statement (122017_6816162).7z
To read the original article: