Date: 16 December 2015 at 09:44
Subject: Your e-Invoice(s) from Barrett Steel Services Ltd
Please find attached your latest Invoice(s).
Barrett Steel Services Ltd,
Have you considered paying by BACS ? Our details can be found on the attached invoice.
Please reply to this email if you have any queries.
You can use the link below to perform an Experian credit check.
Tel: 01274 654248 | | Fax: 01274 654253
Email: Samantha.Morgan@Barrettsteel.com | Web: www.barrettsteel.com
The information contained in or attached to this e-mail is intended for the use of the individual or entity to which it is addressed. It may contain information which is confidential and/or covered by legal, professional or other privilege (or other similar rules or laws). If you are not the intended recipient, or a person responsible for delivering it to the intended recipient, you are not authorised to and must not disclose, copy, distribute, or retain this message or any part of it. Nor should you take any action with reference to it. If you have received this communication in error, please return it with the title "received in error" to Barrett.Admin@Barrettsteel.com then delete the email and destroy any copies of it.
This email has been scanned for viruses, but no responsibility is accepted once this communication has been transmitted. You should scan attachments (if any) for viruses.
Barrett House, Cutler Heights Lane, Dudley Hill, Bradford, BD4 9HU
This message has been scanned by iCritical.
Attached is a file e-Invoice Barrett Steel Services Ltd.doc which I have seen just a single variant of, with a VirusTotal detection rate of 4/54 which according to this Malwr analysis downloads a malicious binary from the following location:
This downloaded binary has a detection rate of 4/53 and according to this Malwr report it attempts to contact:
126.96.36.199 (Megawire, Canada)
I strongly recommend that you block traffic to that IP. Other analysis is pending. The payload is almost definitely the Dridex banking trojan.