Sponsored by..

Tuesday 9 June 2015

Malware spam: "Password Confirmation [490192125626] T82"

This spam email message comes with a malicious attachment:
From:    steve.tasker9791@thomashiggins.com
Date:    9 June 2015 at 10:41
Subject:    Password Confirmation [490192125626] T82

Full document is attached
So far I have seen only a single example of this. Attached is a malicious Word document named 1913.doc [VT 3/57] which contains this malicious macro [pastebin] which downloads a component from the following location:


Incidentally, the macro contains a LOT of junk that appears to have been harvested from a Microsoft tutorial or something. The downloaded executable has a VirusTotal detection rate of 4/57 and automated analysis tools [1] [2] [3] [4] indicate traffic to the following IPs: (Linode, US) (OVH, France) (Selectel, Russia)

The Malwr report shows that it downloads a Dridex DLL with a detection rate of 3/57.

Recommended blocklist:


No comments: