2016-06-14 Malspam Delivers Nemucod/Kovter/xxxCrypt
Here is another example of some malspam I was able to find the other day while at work. From what I can tell, this is the standard Nemucod/Kovter malware (since it drops other malicious binaries on the system) with a version of XXXCrypt embedded in it. I was able to find some more information about this malware (which looks very close to the sample that I have below) over on Fortinet’s blog post here. There was one thing that was different that Fortinet’s blog did not talk about – the presence of some PHP files. Another blog from Reaqta talks…