Sponsored by..

Friday 13 March 2015

Malware spam: "pentafoods.com" / "Invoice: 2262004"

This fake Penta Foods spam run is another variant of this and it comes with a malicious attachment. Penta Foods are not sending this email, instead it is a simple forgery.

From:    cc18923@pentafoods.com
Date:    13 March 2015 at 07:50
Subject:    Invoice: 2262004

Please find attached invoice :  2262004
  Any queries please contact us.

Automated mail message produced by DbMail.
Registered to Penta Foods, License MBA2009357.

Attached is a Word document R-1179776.doc which actually comes in two version, both with zero detection rates, contains one of two malicious macros [1] [2] which then download a component from the following locations:


This is saved as %TEMP%\fJChjfgD675eDTU.exe and has a VirusTotal detection rate of 5/57. Automated analysis tools [1] [2] show a phone-home attempt to: (Clodo-Cloud / IT House, Russia)

My sources also indicate that it phones home to: (Webagentur, Austria) (iomart / RapidSwitch, UK)

According to this Malwr report it also drops a DLL with a detection rate of just 2/57 which is probably Dridex.

Recommended blocklist:

No comments: