
Wednesday, 22 July 2015

Malware spam: "Invoice Batch for UCB01 from: Excel Manufacturing Ltd" / "Joanne Durham [Joanne.durham@excel.gb.com]"

This fake financial spam does not come from Excel Manufacturing Ltd but is instead a simple forgery with a malicious attachment.

From:    Joanne Durham [Joanne.durham@excel.gb.com]
Date:    22 July 2015 at 10:04
Subject:    Invoice Batch for UCB01 from: Excel Manufacturing Ltd

Please see our Invoice for your reference [Cust Ord No] attached.

Yours sincerely,

Excel Manufacturing Ltd
Unit 1 & 2 Fieldhouse Business Park,
Old Fieldhouse Lane,
West Yorkshire,

Tel: (01484) 452010
Fax: (01484) 452015
Email: info@excel.gb.com

So far I have only seen one sample with an attachment Excel Manufacturing Ltd Invoice UCB01.docm which has a VirusTotal detection rate of 8/56. The document contains this malicious macro [pastebin] which downloads a binary from:


which is saved as %TEMP%\mikapolne.exe. This has a detection rate of 3/55 and this Malwr report shows suspect traffic to the following IP: (Reg.Ru, Russia)

This appears to drop the Dridex banking trojan.
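For mail filtering, the useful property of this sample is that a .docm is a ZIP container whose macro code lives in a vbaProject.bin part, so it can be flagged by content even when the attachment is renamed. The following is an added example, not code from the original post: the function names, the sender address and the harmless sample message it builds are all constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage


def build_sample(filename: str, with_macro: bool) -> bytes:
    """Constructed, harmless test message: the attachment is a ZIP holding only
    OOXML part names, with placeholder bytes where a VBA project would be."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("[Content_Types].xml", "<Types/>")
        z.writestr("word/document.xml", "<document/>")
        if with_macro:
            z.writestr("word/vbaProject.bin", b"placeholder, not real VBA")
    msg = EmailMessage()
    msg["From"] = "sender@example.com"  # constructed sender
    msg["Subject"] = "Invoice Batch for UCB01 from: Excel Manufacturing Ltd"
    msg.set_content("Please see our Invoice for your reference attached.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="octet-stream", filename=filename)
    return msg.as_bytes()


def macro_attachments(raw: bytes) -> list:
    """Return filenames of attachments that are OOXML (ZIP) containers carrying
    a vbaProject.bin part, whatever extension the sender gave them."""
    flagged = []
    msg = message_from_bytes(raw, policy=policy.default)
    for part in msg.iter_attachments():
        data = part.get_payload(decode=True) or b""
        if not data.startswith(b"PK"):  # OOXML documents are ZIP archives
            continue
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as z:
                names = [n.lower() for n in z.namelist()]
        except zipfile.BadZipFile:
            continue  # truncated or non-ZIP data: nothing to inspect here
        if any(n.endswith("/vbaproject.bin") for n in names):
            flagged.append(part.get_filename() or "<unnamed>")
    return flagged


if __name__ == "__main__":
    name = "Excel Manufacturing Ltd Invoice UCB01.docm"
    print(macro_attachments(build_sample(name, with_macro=True)))
```

This only covers the ZIP-based Office formats (.docm, .xlsm and renamed copies); legacy OLE .doc and .xls files store macros differently and need a separate check.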



Joy Woodworth said...

I just got this email from sender IP is

Barry said...

I also received it. Beware of unexpected attachments!

johndoe said...

U must be an idiot anyway if u open or click to download that shit unless u expect something like that from that company or anywhere else.
I receive 10s of that kind of emails every day and it does not mean I must open them.
People have to wake up and think twice, don't just be curious (u know what killed the cat :)))))?????