From: Mirjana Prgomet [mirjana@fokus-medical.hr]
Date: 20 May 2015 at 08:26
Subject: Uplata po pon 43421

There is no body text, but the only example I saw had an attachment name of report20520159260[1].doc which contained this malicious macro [pastebin] which downloads a malicious executable from:

http://uvnetwork.ca/1/09.exe
This is saved as %TEMP%\eldshrt1.exe and has a VirusTotal detection rate of 3/56. There are probably other download locations with other variants of the document, but the payload should be the same in each case.
Automated analysis tools [1] [2] [3] indicate network traffic to the following locations:
31.186.99.250 (Selectel Network, Russia)
107.170.1.205 (Digital Ocean, US)
146.185.128.226 (Digital Ocean, Netherlands)
144.76.238.214 (Hetzner, Germany)
The Malwr report shows that it drops a Dridex DLL with a detection rate of 5/53.
Recommended blocklist:
31.186.99.250
107.170.1.205
146.185.128.226
144.76.238.214
MD5s:
7008675da5c1b0a6b59834d125fafa45
cef5555f191735867c34868c346501ad