Fake emails from FEDEX TRACK or FEDEX INFO contain trojan

MX Lab, http://www.mxlab.eu, has started to intercept a new trojan distribution campaign by email with subjects like:

Ezekiel Francis your agent FEDEX
Bullock, Tiger P. agent FEDEX
Quin Greer FEDEX company

This email is sent from one of the spoofed addresses “FEDEX TRACK <******@care.it>”, “FEDEX INFO <fedexservice@care.info>” or “FEDEX INFO <fedextechsupport@care.org>” and has the following body:

Dear Customer!

We attempted to deliver your package on December 2th, 2014, 10:50 AM.
The delivery attempt failed because the address was business closed or nobody could sign for it.
To pick up the package,please, print the invoice that is attached to this email and visit Fedex location indicated in the receipt.
If the package is not picked up within 48 hours, it will be returned to the shipper.
Label/Receipt Number:   45675665665
Expected Delivery Date: December 2th, 2014
Class: International Package Service
Service(s): Delivery Confirmation
Status: Notification sent

Thank you

Copyright© 2014 FEDEX. All Rights Reserved.
*** This is an automatically generated email, please do not reply ***

The attached file Package.zip contains the 180 kB file 45675665665.scr.

The trojan is known as Win32:Trojan-gen, a variant of Win32/Injector.BQTY, TR/Crypt.Xpack.78830 or W32/BQOC!tr.

At the time of writing, 3 of the 54 AV engines at Virus Total detected the trojan.

Use the Virus Total permalink or Malwr permalink for more detailed information.
SHA256: 3848d21eddfb5d70a39406bf45652f6daed3432cbd61bef50e705350904ebd3b
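
A mail-gateway style check for the two traits described above, a FEDEX display name on an unrelated sender domain and a ZIP attachment holding a .scr file, as an added example that is not MX Lab's own code. The extension list, the `fedex.com` allowlist and the function names are assumptions; the sample message is constructed and carries only inert text.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import parseaddr

# Assumption: extensions treated as directly runnable on Windows.
EXECUTABLE_EXTS = (".scr", ".exe", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs")
# Assumption: domains each brand legitimately sends from; adjust locally.
BRAND_DOMAINS = {"FEDEX": {"fedex.com"}}


def zip_executables(data: bytes) -> list:
    """Return archive member names that end in an executable extension."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = zf.namelist()
    except zipfile.BadZipFile:
        return []
    return [n for n in names if n.lower().endswith(EXECUTABLE_EXTS)]


def inspect_message(raw: bytes) -> dict:
    """Flag display-name/domain mismatch and executables inside ZIP attachments."""
    msg = message_from_bytes(raw, policy=policy.default)
    display, addr = parseaddr(str(msg["From"]))
    domain = addr.rpartition("@")[2].lower()
    mismatch = [brand for brand, ok in BRAND_DOMAINS.items()
                if brand in display.upper()
                and not any(domain == d or domain.endswith("." + d) for d in ok)]
    hits = {}
    for part in msg.iter_attachments():
        found = zip_executables(part.get_payload(decode=True) or b"")
        if found:
            hits[part.get_filename() or "(unnamed)"] = found
    return {"brand_mismatch": mismatch, "executables": hits}


def build_sample(sender="FEDEX INFO <fedexservice@care.info>",
                 member="45675665665.scr") -> bytes:
    """Constructed sample shaped like the campaign; the payload is inert text."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member, b"inert placeholder, not malware")
    msg = EmailMessage()
    msg["From"] = sender
    msg.set_content("Dear Customer!")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="Package.zip")
    return msg.as_bytes()
```

Every attachment is opened as an archive regardless of its filename, so a ZIP renamed to another extension is still inspected.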
