Sponsored by..

Thursday 17 December 2015

Malware spam: "Your Latest Right Fuel Card Invoice is Attached" / "Right Fuel Card Company [invoice@rightfuelcard.co.uk]"

This fake financial email is not from Right Fuel Card Company but is instead a simple forgery with a malicious attachment.

From:    Right Fuel Card Company [invoice@rightfuelcard.co.uk]
Date:    17 December 2015 at 11:11
Subject:    Your Latest Right Fuel Card Invoice is Attached


Please find attached your latest invoice.

PLEASE ALSO NOTE OUR NEW OPENING HOURS ARE:
Monday - Thursday 9am - 5pm
Friday 9am - 3pm

For a copy of our latest Terms & Conditions please visit www.rightfuelcard.co.uk

Should you have any queries please do not hesitate to call us on 0845 625 0153 (Calls to this number cost 5 pence per minute plus your telephone company's access charge) or via email to info@rightfuelcard.co.uk.

Regards

Customer Services
The Right Fuelcard Company Limited

Attached is a file A01CardInv1318489.xls - at present I only have a single sample of this. VirusTotal is down at the moment so I cannot tell you the detection rate. The Malwr analysis shows behaviour consistent with several Dridex runs going on this morning, with a download from:

infosystems-gmbh.de/65dfg77/kmn653.exe

The payload is the Dridex banking trojan, and is identical to the payload here, here and here.


No comments: