Continuing the never-ending series of malware downloaders, this email has the subject "Copy Credit Note" and comes, or pretends to come, from Anna Mills (anna.mills@ random email addresses). It carries a semi-randomly named zip attachment containing another zip file, which delivers a WSF file that eventually delivers what looks like the Emotet banking Trojan.
Remember that many email clients, especially on a mobile phone or tablet, show only the name in the From: field and not the bit in <domain.com>. That is why these scams and phishes work so well.
This is another one of the files that, unless you have "show known file extensions" enabled, can easily be mistaken for a genuine DOC / PDF / JPG or other common file instead of the .EXE / .JS file it really is, making it much more likely that you will accidentally open it and be infected.
1763904.zip extracts to AA-213-RR.zip, which extracts to AA-213-RR.wsf (current VirusTotal detections). Payload Security shows a download of an encrypted file from http://sellitni.com/hjgf677??RqtfrQRDh=FirlRSoaCC, which the script converts to emsjwIjFro1.exe (VirusTotal). This suggests it might be Emotet banking malware (Payload Security).
The email body reads:
Please see attached recent copy credit note.
Confidentiality: This e-mail and its attachments are intended only for the use of the person(s) (“the Intended Recipient”) to whom they are addressed and may also be legally privileged. It may contain information which is privileged and/or confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. If you are not the Intended Recipient, please inform us as soon as possible of the error and immediately delete this e-mail and its attachments from your system.
Security Warning: Please note that this e-mail and its attachments have been created in the knowledge that internet e-mail is not a completely secure communications medium. We advise that you understand and observe this lack of security when e-mailing.
Viruses: Although we have taken reasonable steps to ensure that this e-mail and its attachments are free from any virus, we advise that in keeping with good computing practice, the recipient should ensure that they are actually virus free and we cannot accept liability for any damage which you may sustain as a result of software viruses.
Baby Bottles Wholesale Limited Registered in England, Registered Number 2066649
Premises address, Crondal Road, Bayton Road Industrial Estate, Exhall, Coventry, CV7 9NH
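The attachment layout described above (a zip inside a zip that delivers a .wsf) is the kind of nesting a mail filter has to unpack before it can judge the file type. The following is an added example, not part of the original post: a Python check that walks nested zip attachments and reports script or executable members. The extension list, the limits and the function names are assumptions, and the sample archive is constructed with a harmless placeholder body.

```python
import io
import os
import zipfile

# Assumed policy list: file types that should not arrive inside mail attachments.
RISKY_EXTENSIONS = {".wsf", ".js", ".jse", ".vbs", ".vbe", ".hta", ".exe", ".scr"}
MAX_DEPTH = 3                # stop unpacking archives nested deeper than this
MAX_MEMBER_BYTES = 10 << 20  # do not unpack oversized members (zip-bomb guard)


def find_risky_members(data, name, depth=0):
    """Return 'outer -> inner -> file' paths for risky files inside a zip."""
    findings = []
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return findings  # not a zip at all: nothing to unpack
    with archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            path = f"{name} -> {info.filename}"
            ext = os.path.splitext(info.filename.lower())[1]
            if ext in RISKY_EXTENSIONS:
                findings.append(path)
            elif ext == ".zip":
                if depth + 1 >= MAX_DEPTH or info.file_size > MAX_MEMBER_BYTES:
                    findings.append(path + " (nested archive not inspected)")
                else:
                    findings.extend(find_risky_members(archive.read(info), path, depth + 1))
    return findings


def build_sample():
    """Constructed sample with the same layout; the .wsf holds no script."""
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w") as z:
        z.writestr("AA-213-RR.wsf", "<job><!-- placeholder, no script --></job>")
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w") as z:
        z.writestr("AA-213-RR.zip", inner.getvalue())
    return outer.getvalue()


if __name__ == "__main__":
    for hit in find_risky_members(build_sample(), "1763904.zip"):
        print("BLOCK:", hit)
```

An archive that exceeds the depth or size limit is reported rather than silently passed, so deeper nesting cannot be used to skip inspection.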