Tuesday 27 January 2015

Malware spam: "Eileen Meade" / "R. Kern Engineering & Mfg Corp."

R. Kern Engineering & Mfg Corp. is a wholly legitimate firm. They are not sending this spam, nor have their systems been compromised in any way; the sender address is simply forged, and the message carries a malicious Word document as its attachment.

From:    Eileen Meade [eileenmeade@kerneng.com]
date:    27 January 2015 at 08:25
subject:    inv.# 35261

  Here is your invoice & Credit Card Receipt.


 Eileen Meade
 R. Kern Engineering & Mfg Corp.
Accounting
909) 664-2442
Fax 909) 664-2116

So far I have seen two different versions of the Word document, both poorly detected [1] [2] and containing two different macros [1] [2]. Each macro attempts to download a binary from one of the following locations:

http://UKR-TECHTRAININGDOMAIN.COM/js/bin.exe
http://schreinerei-ismer.homepage.t-online.de/js/bin.exe

The downloaded binary is saved as %TEMP%\sdfsdferfwe.exe. It has a VirusTotal detection rate of 3/57, and automated analysis tools are inconclusive [1] [2] [3].
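The two download URLs and the dropped file name above are the indicators worth hunting for on a network that received this spam. The following script is an added example, not part of the original post, that runs those indicators over log lines. It assumes a Squid-style proxy access log (client IP in the third field, URL in the seventh) and a constructed pipe-separated process-creation record of the form timestamp|user|image|parent_image; the sample lines are made up for the example. It also goes slightly beyond the post: besides the exact URLs and file name, it flags any executable fetched from the two hosts and any .exe launched from %TEMP% with Word as the parent process, which catches a renamed payload.

```python
"""Hunt for the indicators from this post in proxy and process-creation logs.

Added example, not code from the original post. Log formats and sample lines
below are constructed for the demonstration.
"""
import re
from urllib.parse import urlsplit

# Indicators copied from the post: the two download URLs and the dropped file name.
DOWNLOAD_URLS = [
    "http://UKR-TECHTRAININGDOMAIN.COM/js/bin.exe",
    "http://schreinerei-ismer.homepage.t-online.de/js/bin.exe",
]
DROPPED_FILE = "sdfsdferfwe.exe"


def normalise_url(url: str) -> str:
    """Lower-case scheme and host (DNS names are case-insensitive); keep the path as-is."""
    p = urlsplit(url.strip())
    return f"{p.scheme.lower()}://{p.netloc.lower()}{p.path}"


KNOWN_URLS = {normalise_url(u) for u in DOWNLOAD_URLS}
KNOWN_HOSTS = {urlsplit(u).netloc for u in KNOWN_URLS}


def scan_proxy_log(lines):
    """Return (client_ip, url, reason) for fetches of the known URLs, or of any
    .exe from the known hosts (broader than the post; assumed useful for a renamed payload).

    Assumes Squid native access.log fields: time elapsed client code/status bytes method url ...
    """
    hits = []
    for line in lines:
        fields = line.split()
        if len(fields) < 7:
            continue
        client, url = fields[2], normalise_url(fields[6])
        host = urlsplit(url).netloc
        if url in KNOWN_URLS:
            hits.append((client, url, "known download URL"))
        elif host in KNOWN_HOSTS and url.lower().endswith(".exe"):
            hits.append((client, url, "executable from known host"))
    return hits


# Any .exe directly under the per-user Temp directory, i.e. %TEMP% on a default Windows profile.
TEMP_EXE = re.compile(r"\\AppData\\Local\\Temp\\[^\\]+\.exe$", re.IGNORECASE)


def scan_process_log(lines):
    """Return (user, image, reason) for the dropped file name, or for any .exe run
    from %TEMP% whose parent is Word (the macro-launch pattern described in the post).

    Assumes constructed records: timestamp|user|image|parent_image
    """
    hits = []
    for line in lines:
        parts = line.rstrip("\n").split("|")
        if len(parts) != 4:
            continue
        _, user, image, parent = parts
        if image.lower().endswith("\\" + DROPPED_FILE):
            hits.append((user, image, "known dropped file name"))
        elif TEMP_EXE.search(image) and parent.lower().endswith("\\winword.exe"):
            hits.append((user, image, "exe in %TEMP% spawned by Word"))
    return hits


# Constructed sample data: one exact URL hit, one benign line, one renamed payload from a known host.
SAMPLE_PROXY = [
    "1422347100.123    412 10.0.0.15 TCP_MISS/200 51234 GET http://ukr-techtrainingdomain.com/js/bin.exe - DIRECT/203.0.113.10 application/octet-stream",
    "1422347101.456     88 10.0.0.16 TCP_MISS/200 2048 GET http://www.example.com/index.html - DIRECT/198.51.100.5 text/html",
    "1422347160.789    390 10.0.0.17 TCP_MISS/200 51234 GET http://schreinerei-ismer.homepage.t-online.de/js/other.exe - DIRECT/203.0.113.11 application/octet-stream",
]

# Constructed sample data: the known file name, a benign process, and a renamed drop launched by Word.
SAMPLE_PROCESS = [
    r"2015-01-27 08:31:02|alice|C:\Users\alice\AppData\Local\Temp\sdfsdferfwe.exe|C:\Program Files\Microsoft Office\Office15\WINWORD.EXE",
    r"2015-01-27 08:32:10|bob|C:\Windows\System32\notepad.exe|C:\Windows\explorer.exe",
    r"2015-01-27 08:40:55|carol|C:\Users\carol\AppData\Local\Temp\setup.exe|C:\Program Files\Microsoft Office\Office15\WINWORD.EXE",
]

if __name__ == "__main__":
    for hit in scan_proxy_log(SAMPLE_PROXY) + scan_process_log(SAMPLE_PROCESS):
        print(*hit, sep="  ")
```

Both scanners return structured hits rather than printing, so the same functions can be pointed at real log files or wired into a SIEM query. The "executable from known host" and "exe in %TEMP% spawned by Word" rules are deliberately broader than the post's exact indicators; expect some noise from legitimate installers launched from Word and review those hits by hand.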