- Dan Weis
QuickBooks Phishing Emails
Hi Guys, keep an eye out for this QuickBooks Invoice Phishing Email. It looks like the below.
A few typical signs: a different email domain and a suspect link.

A few smarts have been built into it: if you try to execute the link in a sandbox environment like app.any.run, it detects this and presents a generic page like this:

When executing it in Sandboxie, it does indeed try to download a file called Invoice.zip.

This is delivered via 'jskvideos.com':
https://jskvideos.com/out.php?ipBE=MTc1LjMzLjE4MC4xMTU=&uaBE=TW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV09XNjQ7IFRyaWRlbnQvNy4wOyBydjoxMS4wKSBsaWtlIEdlY2tv&fN=SW52IzcwMzI3NDkybDQwOC56aXA=&bs=MA==&st=MA==&bse=MA==&hst=aHR0cDovLzE4NS4yMTIuMTMxLjY2&pth=L2RyZWR3b3JkLw==&ofc=aHR0cHM6Ly93d3cuaXBvc3RwYXJjZWxzLmNvbS9pbnRlcm5hdGlvbmFsL3NlbmQtcGFyY2VsLXRvLXVzYQ==&swt=ZW5hYmxl&whl=MTg1LjIwMi4yLjUw
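
The query parameters in the URL above are Base64-encoded. The following is an added example, not part of the original post, of decoding such parameters during triage and defanging any IPs or URLs before sharing them. The sample URL, its host and values, and the `ref` parameter are constructed placeholders.

```python
import base64
import binascii
import ipaddress
from urllib.parse import parse_qsl, urlencode, urlsplit


def decode_param(value):
    """Return the Base64-decoded text of a query value, or None if it is not printable Base64."""
    # parse_qsl turns '+' into ' '; undo that and accept the URL-safe alphabet too.
    fixed = value.replace(" ", "+").replace("-", "+").replace("_", "/")
    fixed += "=" * (-len(fixed) % 4)  # tolerate stripped padding
    try:
        text = base64.b64decode(fixed, validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None
    return text if text and text.isprintable() else None


def classify(text):
    """Label a decoded value and defang network indicators for safe sharing."""
    if text.lower().startswith(("http://", "https://")):
        return "url", "hxxp" + text[4:].replace(".", "[.]")
    try:
        ipaddress.ip_address(text)
        return "ip", text.replace(".", "[.]")
    except ValueError:
        return "text", text


def triage(url):
    """Map each query parameter name to (kind, value); undecodable values stay 'raw'."""
    report = {}
    for name, value in parse_qsl(urlsplit(url).query, keep_blank_values=True):
        decoded = decode_param(value)
        report[name] = classify(decoded) if decoded is not None else ("raw", value)
    return report


# Constructed sample: parameter names follow the URL in the post, values are
# documentation-range placeholders, and "ref" is a hypothetical non-Base64 field.
_b64 = lambda s: base64.b64encode(s.encode()).decode()
SAMPLE_URL = "https://redirector.example/out.php?" + urlencode({
    "ipBE": _b64("203.0.113.7"), "fN": _b64("Invoice.zip"),
    "hst": _b64("http://192.0.2.10"), "pth": _b64("/files/"), "ref": "not base64!",
})

if __name__ == "__main__":
    for name, (kind, value) in triage(SAMPLE_URL).items():
        print(f"{name:5} {kind:5} {value}")
```
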
The ZIP file actually contains ransomware that runs upon execution of the contents; this particular one was using the Jigsaw ransomware, often used by Chinese threat actors.
Be aware of invoice scams and invoice phishing emails, and remember if you didn't buy from the vendor, why would you be getting an invoice?
Till next time.
#hackproof #hackproofyourself #phishing #ransomware #quickbooks