Sponsored by..

Monday 28 April 2014

"This email contains an invoice file attachment" spam

This very terse spam comes with a malicious attachment:

Date:      Mon, 28 Apr 2014 17:23:58 +0900 [04:23:58 EDT]
From:      Accounts Dept [shortchanges2@morgan-bros.co.uk]
Subject:      Email invoice: 2552266

This email contains an invoice file attachment
Attached is a file emailinvoice.8630595.zip which in turn contains a malicious executable emailinvoice.197291101.exe which has a VirusTotal detection rate of 5/51.

Automated analysis tools [1] [2] [3] show various system changes being made, but make no record of network activity.

No comments: