From: "Garth Hutchison"
Date: 21/01/2015 11:50
Subject: BACS Transfer : Remittance for JSAG400GBP
We have arranged a BACS transfer to your bank for the following amount : 5821.00
Please find details attached.
Attached is a malicious Word document, BACS_transfer_JS87123781237.doc [VT 1/57], which contains a macro [pastebin] that downloads a file from:
http://stylishseychelles.com/js/bin.exe
This is then saved as %TEMP%\iHGdsf.exe. It has a VirusTotal detection rate of 6/57, identifying it as a Dridex downloader. You can see the Malwr report here.
Sources indicate that this malware phones home to the following IPs which I recommend you block:
92.63.88.108
143.107.17.183
5.39.99.18
136.243.237.218
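
The following is an added example, not part of the original post: a Python check that looks for the indicators listed above (download host, dropped file name, the four IPs) in log lines. The log formats, sample lines and function names are constructed for illustration; it matches IPs and the hostname exactly so that near-misses such as 5.39.99.180 do not raise false alerts.

```python
import ipaddress
import re

# Indicators taken from the post above.
C2_IPS = {ipaddress.ip_address(ip) for ip in
          ("92.63.88.108", "143.107.17.183", "5.39.99.18", "136.243.237.218")}
DOWNLOAD_HOST = "stylishseychelles.com"
DROPPED_NAME = "iHGdsf.exe"

# Dotted quad that is not part of a longer number or longer dotted string.
IPV4_RE = re.compile(r"(?<!\d)(?<!\d\.)\d{1,3}(?:\.\d{1,3}){3}(?!\d|\.\d)")
# The host or a subdomain of it, but not look-alikes such as host.com.example.org.
HOST_RE = re.compile(r"(?<![\w-])" + re.escape(DOWNLOAD_HOST) + r"(?![\w-]|\.\w)", re.I)
# %TEMP% expands per user, so accept any ...\Temp\ directory or the literal variable.
DROP_RE = re.compile(r"(?:\\temp|%temp%)\\" + re.escape(DROPPED_NAME) + r"(?!\w)", re.I)


def match_indicators(line):
    """Return the sorted indicator labels found in one log line."""
    hits = set()
    for token in IPV4_RE.findall(line):
        try:
            if ipaddress.ip_address(token) in C2_IPS:
                hits.add("c2_ip:" + token)
        except ValueError:
            pass  # not a valid IPv4 address, e.g. 999.1.1.1
    if HOST_RE.search(line):
        hits.add("download_host")
    if DROP_RE.search(line):
        hits.add("dropped_file")
    return sorted(hits)


def scan(lines):
    """Return (line_number, labels) for every line with at least one hit."""
    return [(n, hits) for n, line in enumerate(lines, 1)
            if (hits := match_indicators(line))]


# Constructed sample log lines (not real telemetry).
SAMPLE_LOG = [
    r"2015-01-21 11:52:03 proxy 10.0.0.21 GET http://stylishseychelles.com/js/bin.exe 200",
    r"2015-01-21 11:52:09 proc_create user=alice image=C:\Users\alice\AppData\Local\Temp\iHGdsf.exe",
    r"2015-01-21 11:52:15 fw allow src=10.0.0.21 dst=5.39.99.18 dport=443",
    r"2015-01-21 11:53:40 fw allow src=10.0.0.30 dst=5.39.99.180 dport=443",
    r"2015-01-21 11:54:02 proxy 10.0.0.30 GET http://stylishseychelles.com.example.org/ 200",
]

if __name__ == "__main__":
    for number, labels in scan(SAMPLE_LOG):
        print(number, labels)
```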