Tag Archives: Azorult

Fake Fax message email delivers Azorult trojan

My Online Security Posted on by  

An email with the subject of Fax Message ID: 8118 896 972 coming from Hunt Sharon <kekhang@kekhang.hu>  with  a zip attachment containing 2 files arrived to an email address on my server yesterday. This malware attack is slightly unusual and I don’t think very effective. However it is very interesting. When you open the zip file, you see 2 files inside it: A word doc named Fax_ID_45436426.doc that appears to be password protected and a .js file called Password. Now when you have Windows set to its stupidly set, dumbded down, default state of do not show file extensions you see this on Continue reading →

False Invoice Due email with password protected attachment delivers malware

My Online Security Posted on by  

This generic email with the subject of “Invoice Due”  coming from  help@simplexhealthcare.info with a malicious password protected word doc attachment  does eventually deliver some sort of malware. Recently password protected word docs have been delivering some sort of Ransomware frequently Hermes Ransomware via Azorult intermediate download. This is probably Azorult on the first stage, based on the file name azo.exe but I can’t see any encryption happening using the online sandboxes. It probably is Hermes ransomware based on the file names. These criminals don’t tend to be very original. The details in this campaign do match the details shown in this Continue reading →