Sponsored by..

Thursday 5 March 2015

Malware spam: "Bobby Drell [rob@abbottpainting.com]" / "Brochure2.doc"

This spam does not come from Bobby Drell or Abbott Painting, instead it is a simple forgery with a malicious attachment.
From:    Bobby Drell [rob@abbottpainting.com]
Date:    5 March 2015 at 10:27
Subject:    Brochure2.doc

Please change the year to 2015.
Please confirm receipt
Bobby Drell
Attached is a file Brochure2.doc which has a low detection rate which contains this malicious macro [pastebin] which downloads a component from the following location:


This is saved as %TEMP%\324235235.exe. Note that there may be different versions of this document that download files from different locations, but the payload should be identical. In this case the executable has a detection rate of 4/57.

Automated analysis tools [1] [2] show it phoning home to the following IPs: (MWTV, Latvia) (Digital Networks aka DINETHOSTING, Russia)

Usually this will drop a malicious Dridex DLL, although I was not able to obtain a sample.

Recommended blocklist:

No comments: