Thursday, 10 March 2016
Malware spam: "Final Notice About Unpaid Bill" / "Important Notice About Created Invoice" / "Important Message About New Invoice"
Fwd: Final Notice About Unpaid Bill
Fw: Important Notice About Created Invoice
Re: Important Message About New Invoice
Pls see the bill attached.
review the report attached.
check the invoice attached.
Some more examples can be seen here.
Attached is a randomly-named document, of which I have seen three samples (VirusTotal results   ). The Malwr report on one of the samples plus these Hybrid Analysis reports    shows a download of an encrypted file from:
The dropped files seem pretty random, indeed in all the samples the binaries were different with some generic detections    . All of the samples crash in Malwr    .
It all seems a little odd and if I get more information on what is happening, I will update this post. In the meantime the only mitigating step I can think of is to block traffic to darrallmacqueen.com which should stop the files downloading.