Sponsored by..

Wednesday, 2 December 2015

Malware spam: "Aline Payment Request" / "Bruce Sharpe [bruce@alinepumps.com]"

This fake financial spam is not from Aline Pumps but is instead a simple forgery with a malicious attachment. In any cases Aline are an Australian company, they would not be sending out invoices in UK pounds.
From:    Bruce Sharpe [bruce@alinepumps.com]
Date:    2 December 2015 at 09:44
Subject:    Aline Payment Request

Dear Sir/Madam,
Overdue Alert
Our records show that your current balance with us is £2795.50 of which £2795.50 is still overdue.
Your urgent attention and earliest remittance of this amount would be appreciated.
We value your business and we would like to resolves any issues as quickly as possible. I am personally available on (02) 8508 4900 or bruce@alinepumps.com
Bruce Sharpe - Accounts Receivable
PO Box 694 Engadine NSW 2233 P. 02 9544 9999 F. 02 9544 8599 E. bruce@alinepumps.com

Attached is a file Statement_1973_1357257122414.doc which comes in at least three versions (although I have only seen two), with VirusTotal results of 4/55 [1] [2] and automated analysis [3] [4] shows download locations of:


apparently there is another download location of


In any case, the downloaded binary is the same and has a detection rate of 3/55  The Malwr analysis and this Hybrid Analyis shows it phoning home to: (PJSC DATAGROUP, Ukraine)

I strongly recommend that you block traffic to that IP.


No comments: