
Wednesday, 22 July 2015

Malware spam: "Invoice Batch for UCB01 from: Excel Manufacturing Ltd" / "Joanne Durham [Joanne.durham@excel.gb.com]"

This fake financial spam does not come from Excel Manufacturing Ltd but is instead a simple forgery with a malicious attachment.

From:    Joanne Durham [Joanne.durham@excel.gb.com]
Date:    22 July 2015 at 10:04
Subject:    Invoice Batch for UCB01 from: Excel Manufacturing Ltd


Please see our Invoice for your reference [Cust Ord No] attached.

Yours sincerely,

Excel Manufacturing Ltd
Unit 1 & 2 Fieldhouse Business Park,
Old Fieldhouse Lane,
Huddersfield,
West Yorkshire,
HD2 1FA

Tel: (01484) 452010
Fax: (01484) 452015
Email: info@excel.gb.com

So far I have only seen one sample with an attachment Excel Manufacturing Ltd Invoice UCB01.docm which has a VirusTotal detection rate of 8/56. The document contains this malicious macro [pastebin] which downloads a binary from:

http://amsaqwankido.com/max/bbw.exe

which is saved as %TEMP%\mikapolne.exe. This has a detection rate of 3/55 and this Malwr report shows suspect traffic to the following IP:

194.58.96.45 (Reg.Ru, Russia)

This appears to drop the Dridex banking trojan.

MD5s:
1aa3f816e710f3cecb255845d4738c5e
839ca1594450c1d7afca5fddc376fbfa
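
A sweep for the indicators in this post over proxy, connection and file events, as an added example (not part of the original post). The event field names, host names and sample events are constructed assumptions; map them to whatever your proxy or endpoint tooling exports.

```python
import ntpath
from urllib.parse import urlsplit

# Indicators copied from the post above.
DOWNLOAD_HOST = "amsaqwankido.com"
C2_IP = "194.58.96.45"
DROPPED_NAME = "mikapolne.exe"
MD5S = {"1aa3f816e710f3cecb255845d4738c5e", "839ca1594450c1d7afca5fddc376fbfa"}

# Constructed events, not real logs; the field names are an assumed export format.
SAMPLE_EVENTS = [
    {"host": "pc-014", "type": "proxy", "url": "http://AMSAQWANKIDO.com/max/bbw.exe"},
    {"host": "pc-014", "type": "file", "md5": "0" * 32,
     "path": r"C:\Users\amy\AppData\Local\Temp\mikapolne.exe"},
    {"host": "pc-014", "type": "conn", "dst_ip": "194.58.96.45"},
    {"host": "pc-022", "type": "proxy", "url": "http://example.com/?q=amsaqwankido.com"},
    {"host": "pc-022", "type": "conn", "dst_ip": "194.58.96.4"},
    {"host": "pc-031", "type": "file", "md5": "839ca1594450c1d7afca5fddc376fbfa",
     "path": r"C:\Users\bob\Downloads\scan.bin"},
]

def match_event(ev):
    """Return the names of the post's indicators that one event matches."""
    hits = []
    kind = ev.get("type")
    if kind == "proxy":
        # Compare the parsed hostname, so a mention in the query string is not a hit.
        host = (urlsplit(ev.get("url", "")).hostname or "").rstrip(".")
        if host == DOWNLOAD_HOST or host.endswith("." + DOWNLOAD_HOST):
            hits.append("download_host")
    elif kind == "conn":
        if ev.get("dst_ip") == C2_IP:  # exact match, never a prefix match
            hits.append("c2_ip")
    elif kind == "file":
        if ntpath.basename(ev.get("path", "")).lower() == DROPPED_NAME:
            hits.append("dropped_name")
        if ev.get("md5", "").lower() in MD5S:
            hits.append("known_md5")
    return hits

def triage(events):
    """Group indicator hits per host so multi-stage hosts stand out."""
    report = {}
    for ev in events:
        for hit in match_event(ev):
            report.setdefault(ev["host"], set()).add(hit)
    return {host: sorted(hits) for host, hits in report.items()}

if __name__ == "__main__":
    for host, hits in triage(SAMPLE_EVENTS).items():
        print(host, hits)
```

A host that shows the download, the dropped file name and the connection to the IP together has most likely run the payload, so prioritise it over a host with a single hit.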

3 comments:

Joy Woodworth said...

I just got this email; the sender IP is 50.81.1.73

Barry said...

I also received it. Beware of unexpected attachments!

johndoe said...

U must be an idiot anyway if u open or click to download that shit unless u expect something like that from that company or anywhere else.
I receive tens of that kind of emails every day and that does not mean I must open them.
People have to wake up and think twice, don't just be curious ( u know what killed the cat :)))))?????