We’ve detected an uptick in USPS-themed malspam walloping users with a 1-2-3 knock-out of nasty malware designed to infiltrate your system and steal all your most valuable information. This malware-laced email is actively being distributed with various Subject and Body messages containing references to missing and/or late USPS parcels.
[Figure: Example of USPS-themed malspam]
[Figure: Installed payloads]
The 3 malware families are all different in their design but make no mistake about it, all 3 will compromise your security and put your financials at risk.
Trojan.Nymaim is first to come down the line, using the filename exe1.exe. This Trojan provides attackers with remote access to infected machines, allowing for everything from the collection of banking credentials to backdoor functionality that gives attackers full use of the machine.
[Figure: Trojan.Nymaim at execution]
Finally, exe3.exe is identified as Trojan.Boaxxe, which as you may guess is also a Trojan with backdoor and stealing capabilities. This Trojan scans the PC for any trace of information deemed valuable by the creators and transmits this information to the attacker's server for use in further attacks. Information is saved in the form of encrypted registry strings that are continuously updated by the malware.
[Figure: Information harvesting]
Taken together, these 3 malware families will take hold of your machine, drain your bank accounts, and leave you high and dry. So be wary of suspicious-looking shipping notices arriving via email, and never run files received by email without being certain of their origin.
IOCs:
Delivery-Details.js - 877480DBDE4FCFF9E21E294EF6B64E50
Exe1.exe - F22807784588C2117457634494943729
Exe2.exe - B10A08A1ACB1B42CA91032EBED613A2A
Exe3.exe - 423213BD6A167D4B7DEEC18E7B18E13E
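As an added defender-side example (not code from the original post), the following Python script checks files against the MD5 and filename indicators listed above and flags a shipping-themed email that carries a script or executable attachment. The sample directory, the constructed stand-in hash used to exercise the hash-match path, and the keyword and extension lists are assumptions made for the demo.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# MD5 indicators from the post (filename -> MD5), lower-cased for comparison.
USPS_MALSPAM_IOCS = {
    "delivery-details.js": "877480dbde4fcff9e21e294ef6b64e50",
    "exe1.exe": "f22807784588c2117457634494943729",
    "exe2.exe": "b10a08a1acb1b42ca91032ebed613a2a",
    "exe3.exe": "423213bd6a167d4b7deec18e7b18e13e",
}
# Assumed lure keywords and attachment types for this campaign's pattern.
SHIPPING_WORDS = re.compile(r"\b(usps|parcel|package|shipment|delivery)\b", re.I)
SCRIPT_EXTS = (".js", ".jse", ".wsf", ".vbs", ".exe", ".scr")

def md5_of_file(path):
    """Hash the file in chunks so large downloads are not read into memory at once."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def scan_directory(root, iocs=USPS_MALSPAM_IOCS):
    """Return (filename, reason) tuples. A hash match confirms the sample; a
    filename match alone is weaker (hashes change per build, names often do not)."""
    known_hashes = set(iocs.values())
    hits = []
    for path in sorted(Path(root).rglob("*")):
        if not path.is_file():
            continue
        if md5_of_file(path) in known_hashes:
            hits.append((path.name, "md5 match"))
        elif path.name.lower() in iocs:
            hits.append((path.name, "filename match only"))
    return hits

def is_suspicious_shipping_mail(subject, attachments):
    """Shipping-themed subject plus a script/executable attachment, as in this campaign."""
    return bool(SHIPPING_WORDS.search(subject)) and any(
        a.lower().endswith(SCRIPT_EXTS) for a in attachments)

def demo():
    """Constructed samples: dummy 'exe1.exe' matches by name only; a constructed
    MD5 for the stand-in downloader is added to the IOC table to show a hash hit."""
    with tempfile.TemporaryDirectory() as d:
        (Path(d) / "exe1.exe").write_bytes(b"not the real sample")
        (Path(d) / "invoice.pdf").write_bytes(b"harmless")
        staged = Path(d) / "Delivery-Details.js"
        staged.write_bytes(b"constructed downloader stand-in")
        iocs = dict(USPS_MALSPAM_IOCS, **{"delivery-details.js": md5_of_file(staged)})
        return scan_directory(d, iocs)
```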