From: sales@outofeden.co.uk [mailto:sales@outofeden.co.uk]The payload is very similar to the one found in this earlier spam run, the payload appears to be the Dridex banking trojan.
Sent: 22 May 2015 10:50
Subject: Your Invoice IN278577 from Out of Eden
Dear customer,
Thank you for your order. Please find attached a DOC copy of your invoice IN278577 from sales order S391622.
Your order was despatched on 21/05/2015. Please check the order on delivery and report any shortage, damage or discrepancy within 48 hours from of receipt of this invoice.
If you would prefer to receive a paper invoice or if this email has been sent to the wrong address, please email sales@outofeden.co.uk or call our Customer Service Team on 017683 72939.
Kind Regards,
Customer Services
Tel: 017683 72939
Please consider the environment before printing this email
Out of Eden Ltd
The UK's Most Popular One-Stop-Shop for Hospitality Products www.outofeden.co.uk
Home Farm Buildings, Kirkby Stephen. CA17 4AP
Tel: 01768 372 939 Fax: 01768 372 636
Email: sales@outofeden.co.uk
VAT no: 621 2326 86
Reg. in England & Wales - Co. No. 3178081
My contact who sent the information about this spam run (thanks!) also sent the following data about the attachments and download locations. I haven't had time to look into it any further.
hxxp://thepattersonco[.]com/85/20.exe
Attachment: Invoice IN278577 (emailed 2015-05-21).doc
MD5: b15ac324d13f8804959a81172317a4ba
hxxp://www[dot]footingclub[.]com/85/20.exe
Attachment: Invoice IN278577 (emailed 2015-05-21).doc
MD5: d89c0affa2c1b5eff1bfe55b011bbaa8
hxxp://hci-ca[.]com/85/20.exe/85/20.exe
Attachment: Invoice IN278577 (emailed 2015-05-21).doc
MD5: 98c3a42b0d958333a4108e04f10d441f
hxxp://www.seedsindaphne[.]org/85/20.exe
Attachment: Invoice IN278577 (emailed 2015-05-21).doc
MD5: 13dfb8bd543e77453cfd0ab3d586ba77
hxxp://mercury.powerweave[.]com/85/20.exe
Attachment: Invoice IN278577 (emailed 2015-05-21).doc
MD5: cf5a5ec18a9031f998a1a3945ca10379
No comments:
Post a Comment