Analysis by: Maria Katrina Udquin


We recently observed a spam email making the rounds with the subject 'SHIPPED ORDER INCORRECT.' The spammed message purports to be a shipping order notification from a known courier delivery service company and tricks the recipient into opening an attachment in the email.

The email body is written in Korean and contains a RAR attachment that supposedly contains information about a parcel. The attachment has an executable file named Fedex-info_2019-05-15_02-24.dok, which is a variant of GandCrab ransomware (detected by Trend Micro as Ransom.Win32.GANDCRAB.TIOIBOCX). Once executed, the EXE file terminates a certain list of processes running in the affected system's memory, encrypts files in the system, and drops a ransom note.


To prevent system infection, we recommend that users refrain from opening unsolicited emails, especially those with attachments. Security solutions with anti-spam filtering weed out spammed messages such as this one.
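The following is an added example, not Trend Micro's code: a check that a mail gateway or triage script could apply to an extracted archive member, flagging content that is a Windows PE image while the file extension does not say so, as with the .dok file described above. The function names, the extension list and the sample header bytes are assumptions constructed for this illustration.

```python
import struct

# Extensions that openly declare a Windows executable (assumed list for this example).
PE_EXTENSIONS = {".exe", ".dll", ".scr", ".sys", ".com", ".cpl", ".ocx"}


def is_pe(data: bytes) -> bool:
    """Return True if data has a DOS header whose e_lfanew points at a PE signature."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    # e_lfanew: 32-bit little-endian offset of the PE header, stored at 0x3C.
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    # An out-of-range offset yields an empty slice, so the comparison fails safely.
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"


def disguised_executable(filename: str, data: bytes) -> bool:
    """Flag files whose content is a PE image but whose extension hides that."""
    name = filename.rstrip(". ")  # Windows ignores trailing dots and spaces
    dot = name.rfind(".")
    ext = name[dot:].lower() if dot != -1 else ""
    return is_pe(data) and ext not in PE_EXTENSIONS


def make_sample_pe() -> bytes:
    """Constructed header bytes only: not a working program and not a malware sample."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)
    return bytes(dos) + b"PE\x00\x00" + bytes(20)


if __name__ == "__main__":
    sample = make_sample_pe()
    for name, blob in [
        ("Fedex-info_2019-05-15_02-24.dok", sample),  # file name from the advisory
        ("setup.exe", sample),                        # honest extension
        ("notes.dok", b"plain text, not an executable"),
    ]:
        print(name, "->", "FLAG" if disguised_executable(name, blob) else "ok")
```

The check looks only at the header, so it works on the first bytes of an archive member without executing or fully unpacking it.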
 Spam blocking date/time: May 18, 2019 12:03:00 GMT-8
 TMASE
  • TMASE engine (global): 8.1
  • TMASE pattern (global): 4620