CryptoWall v3 the invisible ransomware (for now)

Nick Biasini from Cisco's TALOS IT security research department has identified a new e-mail campaign distributing version 3.0 of the sophisticated CryptoWall ransomware. The e-mails he detected are résumé-themed, and the malware they deliver appears to be undetectable by some antivirus products.

Note that distributing crypto-malware in this way is not unusual.
This malicious campaign uses the well-known "RE:" trick: the e-mail sent to potential victims appears to be a reply to a previous message. Attached to the e-mail is a malicious ZIP file that contains an HTML document.

The HTML file redirects to a malicious WordPress site containing an IFRAME that in turn redirects to a Google Drive account. That account hosts the malware (CryptoWall), which is disguised as a PDF file. It is actually an executable (SCR) file, the format used for screensavers.

Nick Biasini analyzed the infection and reported:

"These attacks are successful because these types of e-mails are considered legal. If someone is in the process of hiring or evaluating candidates, it is very likely that they will open the attachments and follow the process."

The final payload is CryptoWall, which, despite being well known in the security industry, is delivered with slight variations to avoid detection. The researcher reports that the hashes are changed often so that the malware stays hidden from antivirus products for longer.

For this campaign, the online VirusTotal service shows very few products that detect the malicious software, and none of them seems to recognize its type.

However, now that the researcher has published his findings, it will soon be recognized after the next updates of the antivirus you are using. Do not forget that it is just a slightly modified version of the ransomware.
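A hash list ages quickly when the samples change between runs, so a gateway-side check can key on the delivery chain described above instead: a ZIP attachment holding an auto-redirecting HTML file, and a "PDF" that is really an executable. This is an added example, not code from the article or from Cisco TALOS; the redirect patterns, the 64 KB scan limit, the function names and the sample file are assumptions made for illustration.

```python
import io
import re
import zipfile

# Assumed heuristics (not from the article): markup that sends the browser
# elsewhere without a click.
REDIRECT_RE = re.compile(
    rb"<meta[^>]+http-equiv\s*=\s*[\"']?refresh"
    rb"|<iframe[^>]+src\s*="
    rb"|(?:window|document)\.location(?:\.href)?\s*=",
    re.IGNORECASE,
)
MAX_SCAN = 64 * 1024  # read at most this much of each member


def triage_zip(data: bytes) -> list:
    """Return findings for a ZIP attachment; an empty list means nothing flagged."""
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return ["attachment is not a readable ZIP archive"]
    findings = []
    with archive:
        for info in archive.infolist():
            name = info.filename
            if info.flag_bits & 0x1:  # encrypted member: contents cannot be checked
                findings.append(f"{name}: encrypted member")
            elif name.lower().endswith((".html", ".htm")):
                with archive.open(info) as member:
                    if REDIRECT_RE.search(member.read(MAX_SCAN)):
                        findings.append(f"{name}: HTML with redirect or IFRAME")
    return findings


def disguised_executable(filename: str, head: bytes) -> bool:
    """True for a screensaver (.scr) file or a PE file carrying a .pdf name."""
    lower = filename.lower()
    if lower.endswith(".scr"):
        return True
    return head[:2] == b"MZ" and lower.endswith(".pdf")


def sample_zip() -> bytes:
    """Constructed sample: a ZIP holding one HTML file that auto-redirects."""
    html = b'<html><meta http-equiv="refresh" content="0;url=http://example.invalid/"></html>'
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("resume.html", html)
    return buf.getvalue()
```

Neither check depends on a file hash, so a repacked sample with the same structure is still flagged.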

Known Hashes:
Zip Files


Cryptowall 3.0
41188ce5a34605fd853b48ea1f026dc5ffc778c808be57d630f87146c7dd3bad

iGuRu.gr The Best Technology Site in Greece


Written by giorgos
