The zip attachment contains an exe file, which is the malware itself. Opening it activates the infection.
Technical analysis by the Malware Hunter JAMESWT
Second phishing campaign on Webmail. The bait this time is the unexpected closure of the account and some pending messages. Under the pretext of fixing the error, threat actors try to steal the credentials.
This is the second Webmail-themed cybercrime phishing campaign: this time the bait is the sudden closure of the e-mail account, which has left some messages pending. The text asks the recipient to open a link to fix the errors that led to the e-mail account being blocked.
The link points to a fake login page imitating the provider, which asks for the username and password.
As in the “mailbox almost full” campaign, once the operation is completed a “server error” message appears, inviting the user to connect again at a later time. In reality, the credentials will have been stolen.