This email is not from Droitcour and their systems and data have not been hacked or compromised in any way. Instead, this is a simple forgery that comes with a malicious Excel document attached.

From: Marylou Champagne [firstname.lastname@example.org]
Date: 19 February 2015 at 09:41
Subject: Proforma Invoice

We have your purchase order SP14216 ready to ship.
Please advise if you will prepay or should we send COD.

So far I have only seen a single sample of the attachment Inv SP14216.xls which contains a malicious macro (similar to the one here) which downloads a file from:
This trojan download is identical to the one I mentioned here and it leads to the same payload.
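
As an added example (not part of the original post), a mail-triage check for this kind of message: it walks a message's attachments and flags legacy Office files that carry a VBA project. The sample message, its addresses and the attachment bytes are constructed for the demonstration, and the byte search for the VBA storage name is a heuristic, not a full OLE2 parse.

```python
import email
from email import policy
from email.message import EmailMessage

OLE2_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")    # Compound File Binary signature
VBA_MARKER = "_VBA_PROJECT".encode("utf-16-le")   # OLE2 directory names are UTF-16LE
LEGACY_EXT = (".xls", ".doc", ".ppt")


def triage(raw: bytes) -> list:
    """Return one finding per attachment that looks like a legacy Office file."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        data = part.get_payload(decode=True) or b""
        is_ole = data.startswith(OLE2_MAGIC)
        # Trust the file signature over the extension; report either one.
        if not (is_ole or name.lower().endswith(LEGACY_EXT)):
            continue
        findings.append({
            "filename": name,
            "ole2": is_ole,
            # "_VBA_PROJECT" also matches the "_VBA_PROJECT_CUR" storage of .xls
            "has_vba": is_ole and VBA_MARKER in data,
        })
    return findings


def build_sample(with_macro: bool) -> bytes:
    """Constructed test message; the attachment is a stub, not a real workbook."""
    msg = EmailMessage()
    msg["From"] = "sender@example.org"       # constructed address
    msg["To"] = "recipient@example.org"      # constructed address
    msg["Subject"] = "Proforma Invoice"
    msg.set_content("We have your purchase order SP14216 ready to ship.")
    blob = OLE2_MAGIC + b"\x00" * 504
    if with_macro:
        blob += VBA_MARKER + b"\x00" * 64
    msg.add_attachment(blob, maintype="application",
                       subtype="vnd.ms-excel", filename="Inv SP14216.xls")
    return msg.as_bytes()


if __name__ == "__main__":
    for finding in triage(build_sample(with_macro=True)):
        print(finding)
```

A hit on `has_vba` is a reason to quarantine and inspect the macro source with a proper OLE parser, since the marker only shows that a VBA project is present, not what it does.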