
Tuesday, 15 December 2015

Malware spam: "Invoice for Voucher ACH-2-197701-35" / "Reservations [res@affordablecarhire.com]"

This fake financial spam does not come from Affordable Car Hire but is instead a simple forgery with a malicious attachment.

From:    Reservations [res@affordablecarhire.com]
Date:    15 December 2015 at 11:50
Subject:    Invoice for Voucher ACH-2-197701-35


Affordable Car Hire

Payment Link For BookingACH-2-197701-35

Please find attached your invoice for reservation number ACH-2-197701-35

This email was sent on 14/12/2015 at 16:25
 



ACH-2-197701-35-invoice.xls
116K

I have only seen a single sample, with an attachment ACH-2-197701-35-invoice.xls which has a VirusTotal detection rate of 3/54. According to this Malwr report, it downloads a malicious binary from:

usahamanfaat.com/8iy45323f/i87645y3t23.exe

The payload here is the Dridex banking trojan, and it is identical to the one found in this spam run.
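One way to check web proxy logs for machines that requested the download location above, and whether the binary was actually returned to them. This is an added example, not part of the original post: it assumes Squid's native access.log layout, and the client addresses, timestamps and sizes in the sample lines are constructed.

```python
import re
from urllib.parse import urlsplit

# Indicator from the post; the log format and sample data are assumptions.
IOC_HOST = "usahamanfaat.com"
IOC_PATH = "/8iy45323f/i87645y3t23.exe"

# Squid native access.log: time elapsed client code/status bytes method URL ...
LINE = re.compile(
    r"^\d+\.\d+\s+\d+\s+(?P<client>\S+)\s+[A-Z_]+/(?P<status>\d{3})"
    r"\s+(?P<bytes>\d+)\s+[A-Z]+\s+(?P<url>\S+)"
)

def matches_ioc(url):
    """True if url points at the download location named in the post."""
    if "://" not in url:
        url = "http://" + url
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".")  # hostname is already lowercased
    return host == IOC_HOST and parts.path == IOC_PATH

def triage(lines):
    """Map client address -> 'fetched' or 'attempted' for requests to the IOC."""
    result = {}
    for line in lines:
        m = LINE.match(line)
        if not m or not matches_ioc(m["url"]):
            continue
        client = m["client"]
        fetched = m["status"].startswith("2") and int(m["bytes"]) > 0
        if fetched:
            result[client] = "fetched"
        else:
            result.setdefault(client, "attempted")  # never downgrade "fetched"
    return result

# Constructed sample lines (private/documentation addresses, invented sizes).
SAMPLE = [
    "1450180260.112    340 10.0.0.21 TCP_MISS/200 221184 GET http://usahamanfaat.com/8iy45323f/i87645y3t23.exe - DIRECT/192.0.2.10 application/octet-stream",
    "1450180275.530      2 10.0.0.34 TCP_DENIED/403 0 GET http://usahamanfaat.com/8iy45323f/i87645y3t23.exe - NONE/- text/html",
    "1450180301.008    120 10.0.0.21 TCP_MISS/404 512 GET http://usahamanfaat.com/8iy45323f/i87645y3t23.exe - DIRECT/192.0.2.10 text/html",
    "1450180302.440     85 10.0.0.50 TCP_MISS/200 10240 GET http://example.com/index.html - DIRECT/192.0.2.20 text/html",
    "1450180310.901    410 10.0.0.60 TCP_MISS/200 221184 GET http://USAHAMANFAAT.com:80/8iy45323f/i87645y3t23.exe - DIRECT/192.0.2.10 application/octet-stream",
]

if __name__ == "__main__":
    for client, outcome in sorted(triage(SAMPLE).items()):
        print(client, outcome)
```

A client listed as "attempted" still ran the attachment's macro even though the download was blocked or failed. A client that does not appear at all is only cleared for traffic that actually passed through the logging proxy.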

1 comment:

Unknown said...

I opened this attachment, but apparently nothing was downloaded. I tried to scan my PC with Malwarebytes, Bitdefender and SpyHunter and got only negative reports. Is there anything I could do to be sure that my PC was not infected? Thank you.