Date: Mon, 04 Aug 2014 20:29:43 +0900 [07:29:43 EDT]
From: Accounts Dept [tolvan.rover@btinternet.com]
Subject: Invoice 2014080420 dynamoo
This email contains an invoice file for June 2014 - July 2014. Please pay invoice in full in 3 business days and reply to us.
There is an attachment INV_2014080420.zip containing a folder named invoice_june2014-july2014.xls, which in turn contains a malicious executable invoice_june2014-july2014.xls.scr with a VirusTotal detection rate of 6/52. Automated analysis tools are inconclusive [1] [2] about what it does.
UPDATE:
The first stage of the infection downloads a copy of Cridex from 23.92.84.52:8080/ord/1.exe, which currently has a VirusTotal detection rate of 9/54. Blocking 23.92.84.52 may offer some protection.
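A defender-side check for the attachment layout and download host described above, added here as an example that is not part of the original post. It builds a constructed stand-in ZIP with the same folder/file names (placeholder bytes, not the real sample), flags members that look like disguised executables, and tests a download URL against the IP from the UPDATE; the suffix lists are my own assumptions.

```python
import io
import zipfile
from typing import List
from urllib.parse import urlsplit

# Assumed suffixes for executables that should never arrive as an "invoice".
EXEC_SUFFIXES = (".scr", ".exe", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs")
# Download host named in the post's UPDATE.
BLOCKLIST_IPS = {"23.92.84.52"}


def suspicious_members(zip_bytes: bytes) -> List[str]:
    """Return ZIP member paths whose file name is an executable, including
    double-extension names such as something.xls.scr nested in a folder."""
    hits = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for name in zf.namelist():
            lower = name.lower()
            if lower.endswith("/"):
                continue  # directory entry, nothing to run
            base = lower.rsplit("/", 1)[-1]  # file name without the folder
            if base.endswith(EXEC_SUFFIXES):
                hits.append(name)
    return hits


def is_blocked_host(url: str) -> bool:
    """True if the URL's host is on the blocklist (scheme added if missing)."""
    if "://" not in url:
        url = "http://" + url
    return (urlsplit(url).hostname or "") in BLOCKLIST_IPS


def build_sample_zip() -> bytes:
    """Constructed stand-in for INV_2014080420.zip: same names as the post,
    but the payload is a harmless placeholder byte string."""
    buf = io.BytesIO()
    folder = "invoice_june2014-july2014.xls/"
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(folder + "invoice_june2014-july2014.xls.scr", b"MZ placeholder")
        zf.writestr(folder + "readme.txt", "benign text, constructed")
    return buf.getvalue()


if __name__ == "__main__":
    print(suspicious_members(build_sample_zip()))
    print(is_blocked_host("23.92.84.52:8080/ord/1.exe"))
```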