0

Here's the text from that e-mail (no subject)

31725714 65
TJBPYEW YBTLI UNILPW FPW J II
NSWKW LGKJQBS PVGVQX ZEWW WQUWFZ VT

Here's the code from the attachment I extracted with Notepad++: https://pastebin.com/Fv9JPmu3 Being curious, I used Sandboxie (a sandboxing program) to open the file after saving it but nothing happened so I deleted the file and the sandbox contents.

I'm surprised Gmail didn't mark it as spam. Since the e-mail includes a list of other recipients, I'm also sending them a warning not to open it, whatever it is.

Can you explain how to decode such e-mails?

Krzeszny
  • 1
  • 1
  • This isn't a perfect duplicate of [Is this some kind of Bayesian poisoning?](https://security.stackexchange.com/q/79757/42391) since the message content is slightly different (the payload is in an attachment and the gibberish isn't an arbitrary quote or word salad), but it's very close and I wrote the answer there to abstract to all cases of gibberish spam, including this one. – Adam Katz Oct 11 '21 at 15:43

2 Answers2

3

The attachment contains a redirect. The redirect is base64 encoded, and leads to hxxp://2021pro1.info/6TS7Z7bC?732316485. That site appears to redirect to a bitcoin scam.

It's spam. Delete it and forget it. Life is too short to read spam.

gowenfawr
  • 71,975
  • 17
  • 161
  • 198
vidarlo
  • 12,850
  • 2
  • 35
  • 47
0

Gibberish spam comes in many forms.

This is one of them. This is likely a form of Bayesian poisoning, where they try to create enough novel tokens to water down your filter's ability to assign higher weights to spammy bits—which doesn't really work.

This may also be a hash buster, designed to mutate rapidly in order to evade detection.

See my answer to this duplicate question.

Adam Katz
  • 9,718
  • 2
  • 22
  • 44