New Javascript malware: Voicemail from 07730881627 00:00:24


MX Lab, http://www.mxlab.eu, started to intercept a new malware distribution campaign by email with the subject “Voicemail from 07730881627 <07730881627> 00:00:24”. This is a fake email and is not originating from the company SureVoIP.

This email is send from the spoofed address “SureVoIP <voicemailandfax@surevoip.com>” and has the following body:

Message From “07730881627” 07730881627
Created: Tue, 22 Mar 2016 23:04:10 +0300
Duration: 00:00:24
Account: 9995@123carfinance.hosted.surevoip.com

The attached file msg_0e0457d4-ee0f-11e5-84d5-7dba1ad27223.zip contains the file OJR8543409505.js (filenames can vary).

The malware is detected by 6/57 AV engines at Virus Total. Malwr analysis shows that alware is downloaded from the following location: hxxp://gamesguarapuava.com.br/43532434.exe.

The malware is detected by 5/57 AV engines at Virus Total and the analysis is available on Malwr.

4 thoughts on “New Javascript malware: Voicemail from 07730881627 00:00:24

  1. 2 new multiple-send themes this morning:

    “Subject: Unpaid electricity bill – Customer Reference 92796668
    From: Laurie nash ”

    “Subject: Image0542767582777.pdf
    From: “gb3kudzu”

Comments are closed.