We all receive spam of all kinds, some with malicious URLs and others with strange file attachments. This week we have been receiving several JavaScript files as email attachments, most of them with malicious intent. I picked one of the many files received and (after unzipping the file twice) checked the MD5 hash in VirusTotal; this file had never been submitted. The script is well obfuscated, but after submitting the sample to VirusTotal, it shows this JavaScript as JS/Nemucod, which is used to download ransomware and information-stealing malware.

5042.js JavaScript Partial Snapshot

Using this JavaScript beautifier[5] helps make some sense of what this script is attempting to do. It is now much easier to read the script and see the variables:

Some ways to protect against malicious email attachments:

- First step is to verify what your organization allows through the enterprise anti-malware gateway

Last, obviously, nothing is foolproof; if unsure, ask your security team to check the file.

[1] https://www.virustotal.com/en/file/1f7b32e6db703817cab6c2f7cb8874d17af9d707ce17579dc30aee2cdadf082f/analysis/1472406596/
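The triage step described above (unzip the attachment until the real file appears, then hash it for a VirusTotal lookup) can be scripted. This is an added example, not code from the original diary; the function names, the extension list and the size and depth limits are assumptions, and the sample message is constructed with a harmless placeholder script.

```python
import hashlib
import io
import zipfile
from email import message_from_bytes
from email.message import EmailMessage

# Extensions that Windows Script Host or the shell runs on double-click
# (assumed blocklist; align it with your gateway policy).
SCRIPT_EXTS = {".js", ".jse", ".vbs", ".vbe", ".wsf", ".wsh", ".hta"}
MAX_DEPTH = 3             # stop descending into nested archives after this
MAX_MEMBER = 10 * 2**20   # skip members claiming more than 10 MiB uncompressed

def walk(name, data, depth=0):
    """Yield (path, md5, sha256, is_script) for a file and anything zipped inside it."""
    if depth <= MAX_DEPTH and zipfile.is_zipfile(io.BytesIO(data)):
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                if info.is_dir() or info.file_size > MAX_MEMBER:
                    continue
                yield from walk(f"{name}!{info.filename}", zf.read(info), depth + 1)
        return
    ext = "." + name.rsplit(".", 1)[-1].lower() if "." in name else ""
    yield (name, hashlib.md5(data).hexdigest(), hashlib.sha256(data).hexdigest(), ext in SCRIPT_EXTS)

def triage(raw_email):
    """Return findings for every attachment of an RFC 822 message given as bytes."""
    findings = []
    for part in message_from_bytes(raw_email).walk():
        fname = part.get_filename()
        if fname:
            findings.extend(walk(fname, part.get_payload(decode=True) or b""))
    return findings

def build_sample():
    """Constructed sample: a harmless one-line .js zipped twice and attached."""
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w") as zf:
        zf.writestr("5042.js", "// constructed placeholder, not the real sample\n")
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w") as zf:
        zf.writestr("inner.zip", inner.getvalue())
    msg = EmailMessage()
    msg.set_content("see attachment")
    msg.add_attachment(outer.getvalue(), maintype="application", subtype="zip", filename="invoice.zip")
    return msg.as_bytes()

if __name__ == "__main__":
    for path, md5, sha256, is_script in triage(build_sample()):
        print("SCRIPT" if is_script else "file  ", path, md5, sha256)
```

A password-protected archive makes `zf.read` raise `RuntimeError`; treat that as a finding in its own right, since the gateway could not inspect the contents either.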
Guy, ISC Handler, Aug 28th 2016