Wednesday, 3 February 2016

Malware spam: "Invoice MOJU-0939" / Accounts [message-service@post.xero.com]

This fake financial spam does not come from Moju Ltd but is instead a simple forgery with a malicious attachment:

From:    Accounts [message-service@post.xero.com]
Date:    3 February 2016 at 09:04
Subject:    Invoice MOJU-0939

Hi,

Here's invoice MOJU-0939 for 47.52 GBP. For last weeks delivery.

The amount outstanding of 47.52 GBP is due on 25 Feb 2016.

If you have any questions, please let us know.

Thanks,
Moju Ltd

I have only seen one sample of this, with an attachment named Invoice MOJU-0939.zip containing a malicious script invoice_id4050638124.js that has a detection rate of 2/53 and which, according to this Malwr report, downloads a binary from:

www.ni-na27.wc.shopserve.jp/43rf3dw/34frgegrg.exe

This payload is the same as seen in this concurrent spam run.
