From: UK GEOLOGY PROJECT by "Rough & Tumble" with "Moussa Minerals" <roughandtumble63@yahoo.co.uk>
Date: 17 December 2014 at 07:20
Subject: Invoice as requested

There is no body text, but there is a malicious DOC attachment named 20140918_122519.doc which comes in two slightly different versions with poor detection rates [1] [2]. The macros have been subtly changed from recent spam runs [1] [2] [pastebin] and download a second stage from one of the following locations:

http://openstacksg.com/js/bin.exe
http://worldinlens.net/js/bin.exe
This malicious executable is saved as %TEMP%\ADGYMSEKRJE.exe and has a detection rate of only 2/54.
As is common with recent similar malware attempts, it attempts to phone home to 74.208.11.204 (1&1, US) as shown in the ThreatTrack report [pdf]. The Malwr report indicates a dropped file with an MD5 of ee826c184155a1fa1aea984f914e606a which is probably Dridex.
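As an added example (not part of the original post), the following Python checks Squid-style proxy access log lines against the indicators listed above: the two second-stage download URLs and the 74.208.11.204 callback address. The log format, the sample lines and the client addresses are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Indicators taken from the post above.
DOWNLOAD_URLS = {
    "http://openstacksg.com/js/bin.exe",
    "http://worldinlens.net/js/bin.exe",
}
C2_IP = "74.208.11.204"

# Assumed Squid native log layout: timestamp elapsed client action/code size method url
LOG_RE = re.compile(
    r"^(?P<ts>\S+)\s+\d+\s+(?P<client>\S+)\s+\S+\s+\d+\s+(?P<method>\S+)\s+(?P<url>\S+)"
)

def classify_line(line):
    """Return (client, reason) if the log line matches an indicator, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    client, method, url = m.group("client"), m.group("method"), m.group("url")
    if method == "CONNECT":
        # CONNECT requests carry host:port rather than a full URL.
        host, path, scheme = url.rsplit(":", 1)[0], "", ""
    else:
        parts = urlsplit(url)
        host, path, scheme = parts.hostname or "", parts.path, parts.scheme
    # Exact match on a known second-stage download URL.
    if f"{scheme}://{host}{path}" in DOWNLOAD_URLS:
        return client, "second-stage download"
    # Same /js/bin.exe path on an unlisted host: weaker signal, still worth review.
    if path == "/js/bin.exe":
        return client, "bin.exe under /js/ on unlisted host"
    # Post-infection callback to the C2 address seen in the sandbox reports.
    if host == C2_IP:
        return client, f"callback to C2 {C2_IP}"
    return None

def scan_log(text):
    """Return a list of (client, reason) hits for every matching line in the log text."""
    return [hit for hit in (classify_line(l) for l in text.splitlines()) if hit]

# Constructed sample log: one download, one C2 callback, one benign request.
SAMPLE_LOG = """\
1418800000.101 120 10.0.0.5 TCP_MISS/200 230000 GET http://openstacksg.com/js/bin.exe
1418800001.202 15 10.0.0.5 TCP_TUNNEL/200 5120 CONNECT 74.208.11.204:443
1418800002.303 40 10.0.0.7 TCP_MISS/200 1400 GET http://example.com/index.html
"""

if __name__ == "__main__":
    for client, reason in scan_log(SAMPLE_LOG):
        print(f"{client}: {reason}")
```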