
Cybercrime, an RFQ mail carries an unknown malware

Technical analysis by the Malware Hunter JAMESWT

An RFQ mail carries an unknown malware. The xlsx attachment uses an Excel CVE to contact an IP and download the payload. The link is not active at the moment, but during the day it served several different payloads.

A Request For Quotation (RFQ) is the lure used to deliver a currently unknown malware in a global campaign.

If the xlsx attachment of the email is opened, it uses an Excel CVE to contact an IP and download the payload. At the moment the link is not active, so it was not possible to determine which family the payload belongs to. During the day, however, the same link was used to download several families: from Agent Tesla to AZORult, through SnakeKeylogger, Lokibot and OskiStealer.
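The attachment described above reaches out to a remote IP from inside an xlsx, which is a zip of XML parts. The following triage helper is an added example, not code from the original post or from the analyst: it unzips an xlsx in memory and lists relationships marked `TargetMode="External"` (flagging those whose host is a bare IP) and any embedded object parts, the two indicators a gateway or analyst would check before the file is ever opened in Excel. The sample document it builds is constructed for the demonstration and uses a TEST-NET address, not the campaign's real IP.

```python
# Triage helper: list outbound references inside an .xlsx attachment.
# An .xlsx is a zip of XML parts: *.rels files can point at external targets
# (TargetMode="External") and embedded OLE objects live under xl/embeddings/.
import io
import re
import zipfile
from xml.etree import ElementTree as ET

REL_NS = "http://schemas.openxmlformats.org/package/2006/relationships"
# Target whose host is a bare IPv4 address (optional scheme and port).
IP_RE = re.compile(r"^(?:[a-z]+://)?\d{1,3}(?:\.\d{1,3}){3}(?::\d+)?(?:/|$)", re.I)

def external_targets(xlsx_bytes):
    """Return (part_name, target) for every relationship marked External."""
    found = []
    with zipfile.ZipFile(io.BytesIO(xlsx_bytes)) as z:
        for name in z.namelist():
            if not name.endswith(".rels"):
                continue
            root = ET.fromstring(z.read(name))
            for rel in root.iter(f"{{{REL_NS}}}Relationship"):
                if rel.get("TargetMode") == "External":
                    found.append((name, rel.get("Target", "")))
    return found

def embedded_objects(xlsx_bytes):
    """Return the names of embedded object parts (OLE packages etc.)."""
    with zipfile.ZipFile(io.BytesIO(xlsx_bytes)) as z:
        return [n for n in z.namelist() if n.startswith("xl/embeddings/")]

def triage(xlsx_bytes):
    """Summarise what a mail gateway or analyst would flag before opening it."""
    ext = external_targets(xlsx_bytes)
    return {"external": ext,
            "raw_ip": [t for _, t in ext if IP_RE.match(t)],
            "embeddings": embedded_objects(xlsx_bytes)}

def build_sample():
    """Constructed sample, not a real attachment: one external link to a TEST-NET IP."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("[Content_Types].xml", "<Types/>")
        z.writestr("xl/worksheets/_rels/sheet1.xml.rels",
                   f'<Relationships xmlns="{REL_NS}"><Relationship Id="rId1" Type="x" '
                   'Target="http://192.0.2.10/payload.exe" TargetMode="External"/></Relationships>')
        z.writestr("xl/embeddings/oleObject1.bin", b"\x00")
    return buf.getvalue()
```

Run `triage()` over the attachment bytes pulled from the mail; a non-empty `raw_ip` list on an unsolicited RFQ is a strong reason to detonate the file in a sandbox instead of opening it.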
