From: Mary Watkins [mary@elydesigngroup.co.uk]
Date: 24 March 2015 at 07:23
Subject: Invoice

Hi,

As promised!

--
Mary Watkins
Office Manager
Ely Design Group

Attached is a Word document named S22C-6e15031710060.doc, which has a low detection rate of 2/57 and contains this malicious macro [pastebin], which then downloads a component from the following location:

http://dogordie.de/js/bin.exe
The file is saved as %TEMP%\PALmisc2.5.2.exe and has a VirusTotal detection rate of 6/57.
Automated analysis tools [1] [2] [3] [4] [5] indicate that the binary crashes in those test environments, although whether or not it will work on a live PC is another matter. The payload (if it works) is almost definitely the Dridex banking trojan.
Ely Design Group have posted a message on their website saying that their servers came under attack and advising people not to open anything claiming to originate from them.