From: Joanne Durham [Joanne.firstname.lastname@example.org]
Date: 22 July 2015 at 10:04
Subject: Invoice Batch for UCB01 from: Excel Manufacturing Ltd
Please see our Invoice for your reference [Cust Ord No] attached.
Excel Manufacturing Ltd
Unit 1 & 2 Fieldhouse Business Park,
Old Fieldhouse Lane,
Tel: (01484) 452010
Fax: (01484) 452015
So far I have only seen one sample with an attachment Excel Manufacturing Ltd Invoice UCB01.docm which has a VirusTotal detection rate of 8/56. The document contains this malicious macro [pastebin] which downloads a binary from:
which is saved as %TEMP%\mikapolne.exe . This has a detection rate of 3/55 and this Malwr report shows suspect traffic to the following IP:
220.127.116.11 (Reg.Ru, Russia)
This appears to drop the Dridex banking trojan.