Thursday, 24 April 2014

"Balance Scheet" spam

This terse spam has a malicious attachment:

Date:      Thu, 24 Apr 2014 12:80:56 GMT [08:08:00 EDT]
From:      Admin@victimdomain
Subject:      FW: Balance Scheet

Please save the attached file to your hard drive before deleting this message. Thank you.

The mail headers in the email have been faked to make it look like it originated inside the victim's own internal network. Attached to the email is an archive file, Balance-Sheet.zip, which in turn contains a malicious executable, Balance-Sheet.exe, with a VirusTotal detection rate of just 3/51.

Automated analysis tools [1] [2] [3] show an attempted download from the following locations:
[donotclick]tmupi.com/media/images/icons/team/Targ-2404USm.tar
[donotclick]altpowerpro.com/images/stories/highslide/Targ-2404USm.tar
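
With detection at 3/51, the two structural traits described above (an internal-looking sender on mail that arrived from outside, and an executable inside a ZIP) are more reliable filters than antivirus signatures. The following is an added example, not part of the original post: a mail-gateway triage check in Python. The domain `corp.example`, the relay addresses, the `Received` layout, the extension list and the function names are all assumptions, and the sample message is constructed with placeholder bytes.

```python
import io, re, zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import parseaddr

EXEC_EXT = (".exe", ".scr", ".pif", ".com")  # assumed blocklist of executable extensions

def build_sample(domain, relay_ip="203.0.113.7", member="Balance-Sheet.exe"):
    """Constructed message shaped like the spam; the attachment holds placeholder bytes only."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member, b"placeholder, not an executable")
    msg = EmailMessage()
    msg["Received"] = f"from relay.example ([{relay_ip}]) by mx.{domain}"
    msg["From"] = f"Admin@{domain}"
    msg["Subject"] = "FW: Balance Scheet"
    msg.set_content("Please save the attached file to your hard drive.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="Balance-Sheet.zip")
    return msg.as_bytes()

def triage(raw, domain, trusted_ips):
    """Return a list of findings for a raw RFC 5322 message as seen by the gateway."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    sender = parseaddr(str(msg["From"]))[1].lower()
    # The topmost Received line is written by our own MX; the bracketed IP is the
    # connecting host (assumed "from name ([ip]) by mx" layout). The HELO name is
    # sender-controlled, so only the IP is compared.
    hops = msg.get_all("Received", [])
    ip = re.search(r"\[([0-9A-Fa-f.:]+)\]", str(hops[0]).split(" by ")[0]) if hops else None
    if sender.endswith("@" + domain.lower()) and (ip is None or ip.group(1) not in trusted_ips):
        findings.append("internal-sender-from-untrusted-relay")
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if not name.endswith(".zip"):
            continue
        try:
            with zipfile.ZipFile(io.BytesIO(part.get_payload(decode=True))) as zf:
                members = zf.namelist()
        except zipfile.BadZipFile:
            findings.append("unreadable-zip:" + name)
            continue
        findings += ["executable-in-zip:" + m for m in members if m.lower().endswith(EXEC_EXT)]
    return findings

if __name__ == "__main__":
    print(triage(build_sample("corp.example"), "corp.example", {"192.0.2.10"}))
```
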




1 comment:

Brandon Deriso said...

My company is also getting hit with this spam as well; thanks for the documentation!