Among the many scam emails about “post express”, we found one that was unfamiliar, and we are fairly sure it carries a different malware. Its subject is “Available for pickup”, and it includes an executable attachment, “Sent.exe”.
I have just returned and received your message — it is 2:25 am in Vancouver.
I have received a communication from your partner (I am forwarding it separately) and am waiting for an official translation that I will then take up with my colleagues.
Hence, the funds has been sent via western union and money gram respectively
REF: 9310 5521 Amount: 3000 CAD
MTCN: 764 327 9355 Amount: 2000 CAD
The payment receipt is attached in a single file
I hope to hear from you soonest
Both payments are available for pick up
We dug deeper into the attachment and found that it is a keylogger. From the decrypted configuration file, we can see the SMTP server it uses and the target email address to which it sends its reports.
All recorded keystrokes will be sent to the target email address, along with your IP, computer name, and user name.
Keep your Emsisoft Anti-Malware up to date, and always stay alert and be cautious with everything you receive.
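A mail-side check for messages like the one above, as an added example that is not part of the original post: it parses a raw message and flags attachments that are executable by content (the `MZ` header of a Windows PE file) or by name. The extension list, the addresses and the inert sample payloads are assumptions constructed for this illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# Extensions Windows runs directly (non-exhaustive, chosen for this example).
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs"}


def executable_attachments(raw_message: bytes):
    """Return (filename, reason) for each attachment that looks executable."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        payload = part.get_payload(decode=True) or b""
        # Check content first: a PE file starts with "MZ" whatever it is named.
        if payload[:2] == b"MZ":
            findings.append((name, "PE header (MZ)"))
        elif any(name.lower().endswith(ext) for ext in EXECUTABLE_EXTS):
            findings.append((name, "executable extension"))
    return findings


def build_sample(filename: str, payload: bytes) -> bytes:
    """Constructed sample message; the payload is inert filler, not malware."""
    msg = EmailMessage()
    msg["Subject"] = "Available for pickup"
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg.set_content("The payment receipt is attached in a single file")
    msg.add_attachment(payload, maintype="application",
                       subtype="octet-stream", filename=filename)
    return msg.as_bytes()


if __name__ == "__main__":
    # Constructed cases: named .exe, PE content renamed to .pdf, real PDF header.
    for fname, data in [("Sent.exe", b"MZ" + b"\x00" * 62),
                        ("receipt.pdf", b"MZ" + b"\x00" * 62),
                        ("receipt.pdf", b"%PDF-1.4\n")]:
        print(fname, executable_attachments(build_sample(fname, data)))
```

Checking the content as well as the name catches an executable that has been renamed to look like a document.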