Fake DHL email delivers an unknown keylogger coupled with a phishing scam

I was extremely surprised to wake up this Sunday morning to a whole slew of fake DHL delivery notice emails with a macro-enabled Word doc attachment that eventually downloads some sort of keylogger. There is some dispute as to what the actual keylogger is. Some AV engines on VirusTotal describe it as an AgentTesla generic, whereas the Anyrun app calls it Sentinel. I don’t think either is 100% correct. DHL_FORM.doc (current VirusTotal detections; Anyrun analysis). This malicious doc downloads from https://heritagebank.ga/Quotation.exe (VirusTotal), which is behind Cloudflare and is also a phishing site for the genuine Heritage …

Article Link: https://myonlinesecurity.co.uk/fake-dhl-email-delivers-an-unknown-keylogger-coupled-with-a-phishing-scam/