GandCrab Ransomware Gets Distributed via Fake Shipping Notification Written in Korean

Analysis by: Maria Katrina Udquin

We recently observed a spam email making the rounds with the subject 'SHIPPED ORDER INCORRECT.' The spammed message purports to be a shipping order notification from a known courier delivery service company and tricks the recipient into opening an attachment in the email.

The email body is written in Korean, and the message carries a RAR attachment that supposedly holds information about a parcel. The attachment has an executable file named Fedex-info_2019-05-15_02-24.dok, which is a v ..