Dynamoo's Blog: Malware spam: "Mary Watkins [mary@elydesigngroup.co.uk]" / "Invoice"

Tuesday, 24 March 2015

Malware spam: "Mary Watkins [mary@elydesigngroup.co.uk]" / "Invoice"

This spam email message does not come from Ely Design Group, but is in fact just a simple forgery. Ely Design Group's systems have not been compromised in any way. This email comes with a malicous attachment.

From:    Mary Watkins [mary@elydesigngroup.co.uk]
Date:    24 March 2015 at 07:23
Subject:    Invoice

Hi,

As promised!

--
Mary Watkins
Office Manager
Ely Design Group

Attached is a Word document named S22C-6e15031710060.doc which has a low detection rate of 2/57 which contains this malicious macro [pastebin] which then downloads a component from the following location:

http://dogordie.de/js/bin.exe

The file is saved as %TEMP%\PALmisc2.5.2.exe and has a VirusTotal detection rate of 6/57.

Automated analysis tools [1] [2] [3] [4] [5] indicate that the binary crashes in those test environments. although whether or not it will work on a live PC is another matter. The payload (if it works) is almost definitely the Dridex banking trojan.

2 comments:

R said...: Ely Design Group have posted a message on their website saying that their servers came under attack and advising people not to open anything claiming to originate from them.; 24 March 2015 at 12:35
xlr8 said...: This comment has been removed by the author.; 24 March 2015 at 15:48

Dynamoo's Blog

Link List

Sponsored by..

Tuesday, 24 March 2015

Malware spam: "Mary Watkins [mary@elydesigngroup.co.uk]" / "Invoice"

2 comments: