Tag Archives: ups zbot

Malware: UPS Delivery Notification Tracking Number

We recently logged some emails with attached two suspicious files:


As you can see, the email has a subject and an address that may seem coming from the UPS, but in reality the email is a scam and it is used to spread as attachment a file named invoiceCM0V9ORWJF23KX8PAP.PDF.exe, that is the executable file of the (in)famous Zbot trojan, used by cybercriminals to monitor the PC of the victims and to steal bank data and other sensitive information.

More information about the attached file:

File: invoiceCM0V9ORWJF23KX8PAP.PDF.exe
Size: 167.2 KB ( 171261 bytes )
SHA256: 2695e33e671c4eee1e55ad534d9b33445a56b8ffeff50b7c63fa12f266de1088
SHA1: 3c0e4f12faef99cc80f8a091a8210b34a2c7c9fb
MD5: 015e60d0ddff09d7df66d926d3793cc8