Analysis by Maria Katrina Udquin

We recently observed a spam email making the rounds with the subject 'SHIPPED ORDER INCORRECT.' The spammed message purports to be a shipping order notification from a known courier delivery service company and tricks the recipient into opening an attachment in the email.

The email body is written in Korean and contains a RAR attachment that supposedly holds information about a parcel. The archive contains an executable file named Fedex-info_2019-05-15_02-24.dok, which is a variant of GandCrab ransomware (detected by Trend Micro as Ransom.Win32.GANDCRAB.TIOIBOCX). Once executed, the EXE file terminates a specific list of processes running in the affected system's memory, encrypts files on the system, and drops a ransom note.

To prevent system infection, we recommend that users refrain from opening unsolicited emails, especially those with attachments. Security solutions with anti-spam filtering weed out spammed messages such as this one.
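As an added illustration (not part of the original advisory and not Trend Micro's code), the Python script below shows a gateway-side triage check for the two observable traits of this campaign: the known lure subject and a RAR attachment recognised by its magic bytes rather than its declared name, plus a content-based check that catches a PE executable hiding behind a non-executable extension such as the '.dok' sample. The message it inspects is constructed inline; function names like message_findings are my own.

```python
import email
from email import policy
from email.message import EmailMessage

RAR_MAGIC = b"Rar!\x1a\x07"   # both RAR4 and RAR5 archives begin with these bytes
PE_MAGIC = b"MZ"              # DOS stub at the start of every Windows PE executable
LURE_SUBJECTS = {"shipped order incorrect"}
EXECUTABLE_EXTS = {"exe", "dll", "scr", "com", "pif"}


def masquerading_executable(member_name: str, head: bytes) -> bool:
    """True when an archive member is a PE file but its extension claims otherwise.

    The sample used a '.dok' extension for the GandCrab executable; this check
    keys on the file content, not on the extension the attacker chose.
    """
    ext = member_name.rsplit(".", 1)[-1].lower() if "." in member_name else ""
    return head.startswith(PE_MAGIC) and ext not in EXECUTABLE_EXTS


def message_findings(raw_message: bytes) -> list:
    """Return the reasons a mail gateway would hold this message for review."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    findings = []
    subject = (msg["subject"] or "").strip().lower()
    if subject in LURE_SUBJECTS:
        findings.append("subject matches known lure")
    for part in msg.iter_attachments():
        data = part.get_payload(decode=True) or b""
        name = part.get_filename() or "(unnamed)"
        if data.startswith(RAR_MAGIC):   # identify by content, not by filename
            findings.append(f"RAR archive attachment: {name}")
    return findings


def build_sample() -> bytes:
    """Constructed stand-in for the spam message described above; not a real capture."""
    msg = EmailMessage()
    msg["Subject"] = "SHIPPED ORDER INCORRECT"
    msg["From"] = "noreply@example.invalid"
    msg["To"] = "recipient@example.invalid"
    msg.set_content("(placeholder for the Korean-language body)")
    fake_archive = RAR_MAGIC + b"\x00" * 64   # only the magic bytes matter here
    msg.add_attachment(fake_archive, maintype="application",
                       subtype="vnd.rar", filename="Fedex-info.rar")
    return bytes(msg)


if __name__ == "__main__":
    for reason in message_findings(build_sample()):
        print("HOLD:", reason)
    print(masquerading_executable("Fedex-info_2019-05-15_02-24.dok", b"MZ\x90\x00"))
```

The archive-member check is meant to run on the extracted listing a sandbox or archive scanner produces; the script itself does not unpack RAR files.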
Spam blocked on: 18 May 2019 GMT-8
  • TMASE Engine: 8
  • TMASE Pattern: 4620