
Wednesday, 20 April 2016

Malware spam: "Accounts at Beerhouse Self Drive [accounts3965@beerhouse.co.uk]" / "Document No™2958719"

This fake financial spam does not come from Beerhouse Self Drive but is instead a simple forgery with a malicious attachment:

From:    Accounts at Beerhouse Self Drive [accounts3965@beerhouse.co.uk]
Date:    20 April 2016 at 11:01
Subject:    Document No™2958719

Thanks for using electronic billing

Please find your document attached


Beerhouse Self Drive

In the only sample I have seen so far, there is an attachment Document No 992958719.doc which has a VirusTotal detection rate of 7/56. The Malwr report for that document shows that it downloads a binary from:


There are probably many other download locations. This dropped file has a detection rate of 6/56. The DeepViz report and Hybrid Analysis between them identify what is likely to be Dridex, phoning home to the following servers: (MultiNet AS, Norway) (Letshost / Digiweb, Ireland) (Contabo GmbH, Germany) (FUFO Studio Agata Grabowska, Poland) (Computers Equipnemt, Bulgaria) (TOV Dream Line Holding, Ukraine) (Topix, Italy) (Impsat, Argentina)

Recommended blocklist:
