Date: Fri, 28 Mar 2014 07:16:43 -0300 [06:16:43 EDT]The attachment is a ZIP file which contains an exectable Statement_03282014.exe (note that the date is encoded into the file). This has a VirusTotal detection rate of 8/51.
From: "Sky.com" [firstname.lastname@example.org]
Subject: Statement of account
Please find attached the statement of account.
We look forward to receiving payment for the February invoice as this is now due for
This email, including attachments, is private and confidential. If you have received this
email in error please notify the sender and delete it from your system. Emails are not
secure and may contain viruses. No liability can be accepted for viruses that might be
transferred by this email or any attachment. Wilson McKendrick LLP Solicitors, Queens
House, 29 St. Vincent Place, Glasgow G1 2DT Registered in Scotland No. SO303162. Members:
Mark Wilson LLB Dip. NP LP Allan T. McKendrick LLB Dip. LP NP.
The Malwr analysis shows several attempted network connections. Firstly there's a download of a configration file from [donotclick]igsoa.net/Book/2803UKd.wer and then subsequently an attempted connection aulbbiwslxpvvphxnjij.biz on 188.8.131.52 (a Linode IP which has been seen before) and a number of other autogenerated domains.