Fake email “Postal Notification Service” from FedEx contains trojan Upatre.FH


MX Lab, http://www.mxlab.eu, started to intercept a new trojan distribution campaign by email with the subject “Postal Notification Service”.

This email is sent from the spoofed address “FedEx <no-replay@fedex.co.uk>” and has the following body:

Dear Customer,

You parcel arrived, read the account in the attachment.
Consignment: #048610198
Submit time: Tue, 17 Feb 2015 11:23:13 +0000

The attached file invoice.zip contains the 25 kB file invoice.exe.

The trojan is known as UDS:DangerousObject.Multi.Generic, HEUR/QVM20.1.Malware.Gen or Upatre.FH.

At the time of writing, 3 of the 57 AV engines detected the trojan at Virus Total.

Use Virus Total or Malwr for more detailed information.
SHA256: 06a371f9252b04bb2eafc020ba71750d7e2190bbb93bbc2b5b95faf1701a98c5
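
A mail-gateway style triage check built from the indicators above (subject, ZIP attachment carrying an executable, SHA256), as an added example that is not MX Lab's code. The function names, the extension list and the size limit are assumptions, the sample message is constructed and harmless, and because the page does not say whether the hash covers the archive or the executable, both are compared.

```python
import hashlib
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Indicators taken from the advisory text above.
IOC_SUBJECT = "Postal Notification Service"
IOC_SHA256 = "06a371f9252b04bb2eafc020ba71750d7e2190bbb93bbc2b5b95faf1701a98c5"
# Assumption: extensions a gateway would treat as directly executable.
EXEC_EXT = (".exe", ".scr", ".com", ".pif")


def triage(raw: bytes) -> list:
    """Return the reasons a raw RFC 5322 message matches this campaign."""
    msg = message_from_bytes(raw, policy=policy.default)
    reasons = []
    if IOC_SUBJECT.lower() in str(msg["Subject"] or "").lower():
        reasons.append("subject")
    for part in msg.iter_attachments():
        data = part.get_payload(decode=True) or b""
        if hashlib.sha256(data).hexdigest() == IOC_SHA256:
            reasons.append("attachment-hash")
        if not zipfile.is_zipfile(io.BytesIO(data)):
            continue
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                if info.filename.lower().endswith(EXEC_EXT):
                    reasons.append("exe-in-zip:" + info.filename)
                # Hash only small, unencrypted members (avoids zip-bomb expansion).
                small = info.file_size <= 1_000_000 and not info.flag_bits & 0x1
                if small and hashlib.sha256(zf.read(info)).hexdigest() == IOC_SHA256:
                    reasons.append("member-hash")
    return reasons


def build_sample(subject=IOC_SUBJECT, member="invoice.exe") -> bytes:
    """Constructed, harmless message shaped like the email described above."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member, b"not a real executable")
    m = EmailMessage()
    m["From"] = "FedEx <no-replay@fedex.co.uk>"
    m["Subject"] = subject
    m.set_content("Dear Customer, ...")
    m.add_attachment(buf.getvalue(), maintype="application",
                     subtype="zip", filename="invoice.zip")
    return m.as_bytes()
```

The executable-inside-ZIP check is the one that still fires when the payload is repacked and the hash changes, which matters given that only 3 of 57 engines detected this sample.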
