
Thursday, 10 December 2015

Malware spam: "STMT ACWL-15DEC12-120106" / "accounts@mamsoft.co.uk [statements@mamsoft.co.uk]"

This fake financial email does not come from MAM Software but is instead a simple forgery with a malicious attachment.

From:    accounts@mamsoft.co.uk [statements@mamsoft.co.uk]
Date:    10 December 2015 at 11:35
Subject:    STMT ACWL-15DEC12-120106

The following are attached to this email:
Attached is a file XACWL-15DEC12-120106.DOC which I have only seen one variant of so far, with a VirusTotal detection rate of 6/54. According to the Malwr analysis, it downloads a file from:


There will probably be other versions of the document with different download locations. This executable has a detection rate of 2/54 and according to this Malwr report it contacts: (University Of Puerto Rico, Puerto Rico)

Other analysis is pending; in the meantime I recommend that you block traffic to that IP. The payload is probably the Dridex banking trojan.


1 comment:

Mr Windy said...

Just received this one too. I viewed it as a txt file and the line "P r o j e c t . T h i s D o c u m e n t . a u t o o p e n " rang alarm bells...
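The spaced-out letters in the comment above are consistent with a string stored as UTF-16LE, where each ASCII letter is followed by a zero byte. The following triage scan looks for auto-run macro names in both encodings; it is an added example, not part of the original post or the comment, and the sample bytes, the function names and every macro name other than "autoopen" are assumptions made for it.

```python
"""Triage scan for auto-run macro names in a raw .doc file (added example)."""
import sys

# Auto-run macro entry points to look for. The page mentions only "autoopen";
# the other names are additions made for this example.
AUTO_EXEC = ("AutoOpen", "AutoExec", "AutoClose", "Document_Open")

# Constructed sample, not taken from the real attachment: OLE2 file magic,
# padding, then the string from the comment stored as UTF-16LE.
SAMPLE = (b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1" + b"\x00" * 8
          + "Project.ThisDocument.autoopen".encode("utf-16-le") + b"\x00\x00")


def text_view(data: bytes) -> str:
    """Approximate a text viewer: every non-printable byte becomes a space."""
    return "".join(chr(b) if 32 <= b < 127 else " " for b in data)


def find_autoexec_markers(data: bytes):
    """Return sorted (offset, encoding, name) hits, matched case-insensitively."""
    lowered = data.lower()  # bytes.lower() only changes ASCII letters
    hits = []
    for name in AUTO_EXEC:
        for enc in ("ascii", "utf-16-le"):
            needle = name.lower().encode(enc)
            pos = lowered.find(needle)
            while pos != -1:
                hits.append((pos, enc, name))
                pos = lowered.find(needle, pos + 1)
    return sorted(hits)


if __name__ == "__main__":
    # With no argument, scan the constructed sample; otherwise scan the file.
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            blob = fh.read()
    else:
        blob = SAMPLE
    print(text_view(blob).strip())
    for offset, enc, name in find_autoexec_markers(blob):
        print(f"offset {offset:#x}: {name} ({enc})")
```

A hit is a reason to quarantine the attachment and look closer, not a verdict. VBA source is stored compressed inside the document, so a raw byte scan can miss macro names and an empty result does not clear a file.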