Tuesday 24 March 2015

Malware spam: "Mary Watkins [mary@elydesigngroup.co.uk]" / "Invoice"

This spam email message does not come from Ely Design Group, but is in fact just a simple forgery. Ely Design Group's systems have not been compromised in any way. This email comes with a malicious attachment.

From:    Mary Watkins [mary@elydesigngroup.co.uk]
Date:    24 March 2015 at 07:23
Subject:    Invoice

Hi,

As promised!

--
Mary Watkins
Office Manager
Ely Design Group

Attached is a Word document named S22C-6e15031710060.doc, which has a low detection rate of 2/57. It contains this malicious macro [pastebin], which downloads a component from the following location:

http://dogordie.de/js/bin.exe

The file is saved as %TEMP%\PALmisc2.5.2.exe and has a VirusTotal detection rate of 6/57.
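As an added example (not part of the original post, and not the output of any analysis tool named here), the following Python turns the two indicators above into detection logic and runs it over constructed sample events: a proxy request line, an endpoint file-creation event, and a benign line that must stay quiet. The log format, sensor field names and host names are assumptions made for the example.

```python
import re
from urllib.parse import urlsplit

# Indicators quoted from the post (the only page-specific values used here).
DOWNLOAD_URL = "http://dogordie.de/js/bin.exe"
DROPPED_NAME = "PALmisc2.5.2.exe"

# Constructed sample events, not real logs: a proxy hit, a file-creation event
# from an endpoint sensor, and a benign proxy line that must not alert.
SAMPLE_EVENTS = [
    '2015-03-24T07:41:02Z type=proxy client=10.0.0.15 url=http://DOGORDIE.de/js/bin.exe status=200 agent="Microsoft Office Word"',
    '2015-03-24T07:41:05Z type=filecreate host=WS015 image="C:\\Program Files\\Microsoft Office\\Office14\\WINWORD.EXE" path="C:\\Users\\alice\\AppData\\Local\\Temp\\PALmisc2.5.2.exe"',
    '2015-03-24T07:45:10Z type=proxy client=10.0.0.22 url=http://example.org/index.html status=200 agent="Mozilla/5.0"',
]

KV = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_event(line):
    """Split a 'timestamp key=value ...' line into a dict; quoted values keep their spaces."""
    ts, _, rest = line.partition(" ")
    fields = {k: v.strip('"') for k, v in KV.findall(rest)}
    fields["ts"] = ts
    return fields

def match_event(ev):
    """Return the names of every rule the event triggers (empty list if none)."""
    hits = []
    if ev.get("type") == "proxy":
        u, ref = urlsplit(ev.get("url", "")), urlsplit(DOWNLOAD_URL)
        # Compare host (case-insensitive) and path rather than the raw string.
        if u.hostname == ref.hostname and u.path == ref.path:
            hits.append("known-download-url")
        # Behaviour seen in this campaign: an Office process fetching an .exe.
        if u.path.lower().endswith(".exe") and "office" in ev.get("agent", "").lower():
            hits.append("office-fetched-exe")
    elif ev.get("type") == "filecreate":
        path = ev.get("path", "")
        name = path.rsplit("\\", 1)[-1]
        # %TEMP% expands to a per-user Temp directory, so match on the folder name.
        if name.lower() == DROPPED_NAME.lower() and "\\temp\\" in path.lower():
            hits.append("known-dropped-file")
        if ev.get("image", "").lower().endswith("winword.exe") and name.lower().endswith(".exe"):
            hits.append("word-wrote-exe")
    return hits

def detect(lines):
    """Run every rule over every line; return (timestamp, rule) pairs in input order."""
    alerts = []
    for line in lines:
        ev = parse_event(line)
        alerts.extend((ev["ts"], rule) for rule in match_event(ev))
    return alerts

if __name__ == "__main__":
    for ts, rule in detect(SAMPLE_EVENTS):
        print(ts, rule)
```

The two behavioural rules (an Office user agent fetching an executable, Word writing an .exe to disk) keep firing after the hosting domain and file name change, which the two indicator rules do not.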

Automated analysis tools [1] [2] [3] [4] [5] indicate that the binary crashes in those test environments, although whether or not it will work on a live PC is another matter. The payload (if it works) is almost definitely the Dridex banking trojan.

2 comments:

R said...

Ely Design Group have posted a message on their website saying that their servers came under attack and advising people not to open anything claiming to originate from them.
