The xls attachment of the mail, also arrived in Italy, randomly contacts a link from an internal list and downloads the dll, starting the malware infection.
Technical analysis by the Malware Hunter JAMESWT
New phishing campaign exploits the email “storage limit” lure. Fake message from victim’s help desk invites him to open a link. It redirects to a false tailored login page. The objective is to steal the password
New phishing campaign exploits the “storage limit” lure. Cybercrime actors send an email, impersonating the help desk, about a problem on the account space limits.
According the message, the email-box is full and an action is required to restore it, opening a link tailored to the victim. In fact, it leads to a fake login page where the user’s address is already entered.
The target just needs to insert the password. Once done, he’s been redirected to the real homepage (if there is one), linked to the mail address. Meanwhile, he’s credentials have been stolen.