
Cybercrime: fake South African receipt may be spreading a vjworm

Technical analysis by the Malware Hunter JAMESWT

A fake payment receipt from a real South African company may be spreading a vjworm. The attached document is a .Tar archive that hides a JS which starts the malware infection. However, at the moment the C2 server is not responding, so there is no certainty as to what it is.

A fake payment receipt from a real South African company spreads malware through a malspam campaign. The mail attachment is a compressed .Tar file containing a JS which, if opened, contacts a website and downloads the malicious code. This could be a vjworm, but at the moment the cybercrime C2 doesn’t respond, so it’s not certain what it does. However, researchers are studying it to understand which family it belongs to.

The fake South African company email
