From: Aida Curry
Date: 18 May 2015 at 11:40
Subject: Your reasoning stands in need
Good Afternoon,
We have attained a reimbursement from you for the draft of £ 2909. Please would you secure me with a remittance, in order for me to reconcile the statement.
I will be sending you a pronouncing of outstanding invoices tomorrow, the entire quantum of outstanding is £ 5893 less the 1 draft received making a whole outstanding of £ 2984. We would very much appreciate settlement of this.
As previously mentioned we reversed to a limited company on 1st December 2014. We are desire to conclude all the old checks down, for both tax and year end reasons. We would be very grateful in your assistance in eliciting the outstanding.
If you need any application of bills please do not hesitate to contact us
Regards,
Aida Curry
-------------------
From: Cornelius Douglas
Date: 18 May 2015 at 11:39
Subject: Your reasoning stands in need
Good morning
Please find attached a remittance advice, relating to a outpayment made to you.
Many thanks
Regards,
Cornelius Douglas
Seniour Finance Assistant
-------------------
From: Jewell Shepard
Date: 18 May 2015 at 11:37
Subject: Have a need in your thought
Please, see the attached similar of the remittance.
Please, can you remit a revised pronouncing so we can settle any outstanding balances.
Kind Regards,
Jewell Shepard
Subjects spotted so far are:
In want of your concern
Your reasoning stands in need
Have a need in your thought
Vital announcement 561335
Your advertence stands in need
Grand advert 482209
Important notice 540897
In want of your regarding
In want of your concern
Your reasoning stands in need
Wish to know your thought
Your cognizance is in great necessity
Need your consideration
There seem to be several different attachments, but for the sake of simplicity I have looked at just one. The Hybrid Analysis report shows that this is a MIME attachment that downloads and executes a script from pastebin[.]com/download.php?i=C5KGsRX3, which in turn downloads a malicious executable from 193.26.217[.]220:80/bt/get3.php (Servachok LTD, Russia) that is saved as crypted.120.exe.
This executable has a VirusTotal detection rate of 4/57. The Malwr and Hybrid Analysis reports indicate traffic to 5.63.154.228 (Reg.Ru, Russia) and also show a dropped Dridex DLL with a detection rate of 3/57.
Recommended blocklist:
5.63.154.228
193.26.217.220
MD5s (executable):
af15ba558c07f8036612692122992aad
0074fdc06f8b1da04c71feb249e546dc
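To check whether any internal host already followed the download chain described above, the sketch below scans web proxy logs for the recommended blocklist IPs and for a Pastebin download followed shortly by a request to one of them. It is an added example, not part of the original post; the log format, the 10-minute window, the sample lines and the idea of matching any `download.php` paste (rather than one paste ID) are assumptions.

```python
import re
from datetime import datetime, timedelta

# Indicators as published on this page; defanged forms are refanged before use.
def refang(indicator):
    return indicator.replace("[.]", ".")

BLOCKLIST_IPS = {"5.63.154.228", "193.26.217.220"}
STAGER_HOST, _, STAGER_PATH = refang("pastebin[.]com/download.php?i=C5KGsRX3").partition("/")
STAGER_PATH = "/" + STAGER_PATH.split("?")[0]  # "/download.php"; any paste ID matches (assumption)

# Assumed proxy log format (constructed): "<ISO timestamp> <client> <method> <url>"
LINE_RE = re.compile(r"^(\S+) (\S+) \S+ https?://([^/\s:]+)(?::\d+)?(/\S*)?$")

def parse(line):
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    try:
        ts = datetime.fromisoformat(m.group(1))
    except ValueError:
        return None
    return ts, m.group(2), m.group(3).lower(), m.group(4) or "/"

def find_hits(lines, window=timedelta(minutes=10)):
    """Return (client, reason) pairs for blocklist hits and stager-to-payload chains."""
    hits, stager_seen = [], {}
    for line in lines:
        rec = parse(line)
        if rec is None:
            continue  # malformed lines are skipped, not fatal
        ts, client, host, path = rec
        if host == STAGER_HOST and path.split("?")[0] == STAGER_PATH:
            stager_seen[client] = ts  # remember when this client fetched a paste
        elif host in BLOCKLIST_IPS:
            hits.append((client, "blocklisted IP " + host))
            first = stager_seen.pop(client, None)
            if first is not None and timedelta(0) <= ts - first <= window:
                hits.append((client, "pastebin download then blocklisted IP"))
    return hits

SAMPLE_LOG = [  # constructed lines, not taken from any report
    "2015-05-18T11:45:02 10.0.0.21 GET http://pastebin.com/download.php?i=C5KGsRX3",
    "2015-05-18T11:45:05 10.0.0.21 GET http://193.26.217.220:80/bt/get3.php",
    "2015-05-18T11:46:10 10.0.0.21 GET http://5.63.154.228/",
    "2015-05-18T12:00:00 10.0.0.34 GET http://pastebin.com/raw.php?i=abc",
    "not a log line",
]
```

A client that produces the chained hit has fetched both stages and should be treated as infected; a lone blocklist hit still warrants investigation.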