Monday, 20 April 2015

Malware spam: "Hector Malvido [handyman1181@hotmail.com]" / "Pending payment"

This spam comes with a malicious attachment:

From:    Hector Malvido [handyman1181@hotmail.com]
Date:    20 April 2015 at 10:51
Subject:    Pending payment

This invoice shows in my records that has not being pay can you review your records please
Attached is a file named filename-1.doc (detected by 3/57 AV vendors) which may come in many different versions, but the samples I have all contain this malicious macro [pastebin], which downloads another component from the following location:


This is saved as %TEMP%\grant8i.exe and has a VirusTotal detection rate of 5/57. Automated analysis tools [1] [2] [3] [4] show it phoning home to: (StarNet SLR, Moldova)

The Malwr report shows that it drops a Dridex DLL with a 3/57 detection rate.
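As an added illustration (not part of the original post or of any of the linked analysis tools), the following Python sketch flags the chain described above on constructed Sysmon-style events: an Office process writing an .exe into the user's %TEMP%, that file being executed, and the new process connecting outbound. It assumes %TEMP% resolves under AppData\Local\Temp and uses a TEST-NET address in place of the real callback host.

```python
import re

# Constructed sample events (not real telemetry from the post's sample);
# the dropped-file name mirrors the post's %TEMP%\grant8i.exe.
WINWORD = r"C:\Program Files\Microsoft Office\WINWORD.EXE"
DROPPED = r"C:\Users\alice\AppData\Local\Temp\grant8i.exe"
SAMPLE_EVENTS = [
    {"type": "ProcessCreate", "pid": 100, "image": WINWORD,
     "parent": r"C:\Program Files\Microsoft Office\OUTLOOK.EXE"},
    {"type": "FileCreate", "pid": 100, "image": WINWORD, "target": DROPPED},
    {"type": "ProcessCreate", "pid": 200, "image": DROPPED, "parent": WINWORD},
    # 203.0.113.10 is a TEST-NET-3 address standing in for the real C2
    {"type": "NetworkConnect", "pid": 200, "image": DROPPED, "dest": "203.0.113.10:8080"},
    {"type": "FileCreate", "pid": 300, "image": r"C:\Windows\explorer.exe",
     "target": r"C:\Users\alice\Downloads\report.pdf"},  # benign noise
]

OFFICE_IMAGES = ("winword.exe", "excel.exe", "powerpnt.exe")
# Assumption: %TEMP% expands to <profile>\AppData\Local\Temp on the endpoint.
TEMP_EXE = re.compile(r"\\appdata\\local\\temp\\[^\\]+\.exe$", re.IGNORECASE)


def basename(path):
    return path.rsplit("\\", 1)[-1].lower()


def find_macro_dropper_chains(events):
    """Return one finding per .exe that an Office process wrote into %TEMP%,
    recording whether it was executed and where the resulting process connected."""
    events = list(events)
    findings = []
    for ev in events:
        if ev["type"] != "FileCreate" or basename(ev["image"]) not in OFFICE_IMAGES:
            continue
        if not TEMP_EXE.search(ev["target"]):
            continue
        dropped = ev["target"].lower()
        runs = [e for e in events
                if e["type"] == "ProcessCreate" and e["image"].lower() == dropped]
        pids = {e["pid"] for e in runs}
        beacons = [e["dest"] for e in events
                   if e["type"] == "NetworkConnect" and e["pid"] in pids]
        severity = "high" if beacons else "medium" if runs else "low"
        findings.append({"office_process": basename(ev["image"]), "dropped": ev["target"],
                         "executed": bool(runs), "beacons": beacons, "severity": severity})
    return findings


if __name__ == "__main__":
    for f in find_macro_dropper_chains(SAMPLE_EVENTS):
        print(f"[{f['severity']}] {f['office_process']} wrote {f['dropped']} -> {f['beacons']}")
```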

Recommended blocklist:


1 comment:

J.B. Ogihara said...

I was pretty sure that the email was spam, but I googled the name "Hector Malvido" just out of curiosity and found your website. Thank you for confirming my suspicion and for your good work. :)