Sponsored by..

Monday 11 January 2016

Malware spam: "Your latest invoice from UKFast No.1228407" / UKFast Accounts [accounts@ukfast.co.uk]

This fake financial spam does not come from UKFast but is instead a simple forgery with a malicious attachment.
From     UKFast Accounts [accounts@ukfast.co.uk]
Date     Mon, 11 Jan 2016 11:00:10 +0300
Subject     Your latest invoice from UKFast No.1228407
I am unable to determine what the body text is at the moment. In this case, the attachment was named Invoice-1228407.doc and has a VirusTotal detection rate of 3/54. The Malwr report shows that the malicious macro [pastebin] downloads an executable from:

www.vmodal.mx/5fgbn/7tfr6kj.exe

This binary has a detection rate of 2/54 and an MD5 of 3d59b913f823314ca85839b60a9d563a.  This Malwr report for the dropped file indicates network traffic to:

114.215.108.157 (Aliyun Computing Co, China)

I strongly recommend that you block traffic to that IP. The payload is the Dridex banking trojan.

No comments: