Recently, we’ve received 100s of phishing emails from the same email address that contained what appeared to be an ‘invoice’ in a .rar file format. After running ‘strings’ on the file attachment, the file appears to contain a MIME certificate. Has anyone seen anything like this? The rar file when opened in Windows claims to be
Some added info – roughly 3 days earlier, we received a round of phishing emails. My fear is that this rar file is some kind of key to set up a covert channel.
Hi Jason, we will be needing some details to do some analysis. Have you tried to upload the files to the VirusTotal website? You can find the site here: http://www.virustotal.com
Once you upload it there, it will be scanned by 52+ antivirus programs. The report will also be generated immediately for you. If you still have questions after the report, then feel free to share the report URL from VirusTotal.
Reminder: there are hundreds of malicious mails that contain the “locky” ransomware.
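A static triage pass for the kind of attachment discussed in this thread, as an added example that is not code from any of the posters: it checks whether a ".rar" file really carries a RAR signature, finds certificate-style PEM blocks like the one `strings` revealed, and tests whether each decodes to an ASN.1 structure. The function name `triage` and both sample byte strings are constructed for illustration; the SHA-256 it returns can be searched on VirusTotal without uploading the file.

```python
import base64
import hashlib
import re

# File signatures for RAR 4.x and RAR 5.x archives
RAR_MAGICS = (b"Rar!\x1a\x07\x00", b"Rar!\x1a\x07\x01\x00")
# Any "-----BEGIN X----- ... -----END X-----" armored block
PEM_RE = re.compile(
    rb"-----BEGIN ([A-Z0-9 ]+)-----\s*(.*?)\s*-----END \1-----", re.DOTALL
)

def triage(data: bytes) -> dict:
    """Summarise an attachment without unpacking or executing it."""
    report = {
        "sha256": hashlib.sha256(data).hexdigest(),
        "is_rar": data.startswith(RAR_MAGICS),
        "pem_blocks": [],
    }
    for match in PEM_RE.finditer(data):
        body = b"".join(match.group(2).split())  # drop line breaks
        try:
            decoded = base64.b64decode(body, validate=True)
        except ValueError:
            decoded = b""  # body is not valid base64
        report["pem_blocks"].append({
            "label": match.group(1).decode("ascii"),
            "decoded_len": len(decoded),
            # A DER certificate begins with an ASN.1 SEQUENCE tag (0x30)
            "looks_like_der": decoded[:1] == b"\x30",
            "first_bytes": decoded[:4].hex(),
        })
    return report

# Constructed sample: named "invoice.rar" in the mail, but the content is
# a certificate-style block whose body is not ASN.1 at all.
SAMPLE_FAKE = (
    b"-----BEGIN CERTIFICATE-----\n"
    + base64.encodebytes(b"constructed payload, not ASN.1")
    + b"-----END CERTIFICATE-----\n"
)
# Constructed sample: a genuine RAR 4.x header followed by padding.
SAMPLE_RAR = b"Rar!\x1a\x07\x00" + b"\x00" * 16

if __name__ == "__main__":
    for name, blob in (("fake", SAMPLE_FAKE), ("rar", SAMPLE_RAR)):
        print(name, triage(blob))
```

An attachment that fails the RAR signature check and holds a "certificate" whose decoded body does not start with `30` is mislabelled twice over, which is worth recording in the report alongside the hash.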