Sponsored by..

Wednesday, 10 June 2015

Malware spam: "Hayley Sweeney [admins@bttcomms.com]" / "Your monthly BTT telephone bill"

This spam does not come from BTT Communications, but is instead a simple forgery with a malicious attachment:

From:    Hayley Sweeney [admins@bttcomms.com]
Date:    10 June 2015 at 11:20
Subject:    Your monthly BTT telephone bill

Please find attached your telephone bill for last month.
This message was sent automatically.

For any queries relating to this bill, please contact Customer Services on 01536 211100. 
So far I have only seen one sample with an attachment Invoice_68362.doc which contains this malicious macro [pastebin] which downloads a malicious executable from:


This is saved as %TEMP%\birsafpc.exe and it has a VirusTotal detection rate of 6/57. Automated analysis tools show traffic to the following IPs: (Linode, US) (OVH, France) (Global Telecommunications Ltd, Russia)

This Malwr report also indicates that it drops a Dridex DLL with a detection rate of 7/57.

Recommended blocklist:


No comments: