This email is not from Droitcour and their systems and data have not been hacked or compromised in any way. Instead, this is a simple forgery that comes with a malicious Excel document attached.

From: Marylou Champagne [marylou@droitcour.com]
Date: 19 February 2015 at 09:41
Subject: Proforma Invoice
Good Afternoon,
We have your purchase order SP14216 ready to ship.
Please advise if you will prepay or should we send COD.
Thank you,
Marylou
So far I have only seen a single sample of the attachment Inv SP14216.xls which contains a malicious macro (similar to the one here) which downloads a file from:
http://mondeodoslubu.cba.pl/js/bin.exe
This trojan download is identical to the one I mentioned here and it leads to the same payload.