Sponsored by..

Tuesday, 9 February 2016

Malware spam: "Accounts" / [accounts_do_not_reply@aldridgesecurity.co.uk]

This rather terse spam does not come from Aldridge Security but it is instead a simple forgery with a malicious attachment. There is no subject.

From     [accounts_do_not_reply@aldridgesecurity.co.uk]
Date     Tue, 09 Feb 2016 10:31:14 +0200

I have only seen a single sample with an attachment document2016-02-09-103153.doc which has a VirusTotal detection rate of 5/54. Automated analysis [1] [2] shows that it downloads a malicious executable from:


This has a detection rate of 5/54. Those analyses indicates that the malware phones home to: (Rackspace, US)

I strongly recommend that you block traffic to that IP. The payload is the Dridex banking trojan.

No comments: