The email's GZ attachment contains a password-protected zip (not provided in the text) with an EXE inside: the malware itself. The next-stage payload is not known.
Cybercrime, French Posts lure for a phishing campaign
Technical analysis by the Malware Hunter JAMESWT
A new cybercrime phishing campaign targets the French Posts (La Poste). The lure is a fake residual Colissimo shipping cost that has to be paid by opening a link.
The French Posts are the target of an ongoing phishing campaign. The lure is a message sent by email or SMS in which cybercrime actors try to convince users to open a link, with the pretext of a residual shipping cost to be paid for the Colissimo service. The link leads to a fake La Poste login website, detected by MalwareHunterTeam, where the user is asked to enter a large amount of personal data and sensitive information, including credit card credentials.

Once the form has been filled in, a new page appears asking the user to enter a confirmation code supposedly sent to the victim's mobile phone. Obviously, no such code is ever received. After a couple of attempts, the site redirects to the official French Posts homepage. The objective is to steal users' PII and sensitive data.

The owner of the domain is in fact a third party with no link to the Posts, and the fake site is hosted by Namecheap, a provider often used by cybercrime actors for this kind of campaign. La Poste has published a warning message advising users that it is a scam.
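The lure pattern described above (shipping-fee wording plus a link to a domain that is not La Poste's) can be turned into a simple triage check for incoming SMS or email text. The example below is added here and is not part of JAMESWT's analysis; the legitimate-domain allowlist, the keyword list and the three sample messages are all constructed assumptions for illustration.

```python
import re
from urllib.parse import urlparse

# Assumed allowlist of legitimate La Poste domains (verify against the official list).
LEGIT_DOMAINS = {"laposte.fr", "colissimo.fr"}
# Wording typical of the residual-shipping-cost lure (French keywords, assumption).
LURE_KEYWORDS = ("colissimo", "la poste", "laposte", "frais", "livraison", "colis")
BRAND_TOKENS = ("laposte", "colissimo")
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)


def registrable_domain(host: str) -> str:
    """Naive registrable domain: last two labels. Production code should use a public-suffix list."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def classify_message(text: str) -> dict:
    """Flag a message when lure wording or brand-looking hostnames point at a non-allowlisted domain."""
    lowered = text.lower()
    keywords = [k for k in LURE_KEYWORDS if k in lowered]
    suspicious = []
    for url in URL_RE.findall(text):
        host = urlparse(url).hostname or ""
        domain = registrable_domain(host)
        if domain in LEGIT_DOMAINS:
            continue  # link really goes to La Poste; nothing to flag for this URL
        reasons = []
        if any(token in host for token in BRAND_TOKENS):
            reasons.append("brand name inside a non-La Poste domain")
        if keywords:
            reasons.append("shipping-fee lure wording combined with an off-brand link")
        if reasons:
            suspicious.append({"url": url, "domain": domain, "reasons": reasons})
    return {
        "keywords": keywords,
        "suspicious_links": suspicious,
        "verdict": "suspicious" if suspicious else "ok",
    }


# Constructed sample messages: one lure, one legitimate tracking notice, one unrelated text.
SAMPLE_MESSAGES = [
    "Colissimo: votre colis est en attente, frais de livraison restants 1,99 EUR. "
    "Reglez sur https://laposte-colissimo.example/suivi",
    "Votre colis Colissimo a ete livre. Suivi: https://www.laposte.fr/outils/suivre-vos-envois",
    "Rappel: reunion demain a 10h. Ordre du jour: https://intranet.example/agenda",
]

if __name__ == "__main__":
    for msg in SAMPLE_MESSAGES:
        print(classify_message(msg)["verdict"], "-", msg[:60])
```

Only the first sample is flagged: it carries the lure wording and a brand-looking hostname whose registrable domain is not on the allowlist, which is exactly the combination the campaign relies on.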