From: Joanne Durham [Joanne.durham@excel.gb.com]
Date: 22 July 2015 at 10:04
Subject: Invoice Batch for UCB01 from: Excel Manufacturing Ltd
Please see our Invoice for your reference [Cust Ord No] attached.
Yours sincerely,
Excel Manufacturing Ltd
Unit 1 & 2 Fieldhouse Business Park,
Old Fieldhouse Lane,
Huddersfield,
West Yorkshire,
HD2 1FA
Tel: (01484) 452010
Fax: (01484) 452015
Email: info@excel.gb.com
So far I have only seen one sample with an attachment Excel Manufacturing Ltd Invoice UCB01.docm which has a VirusTotal detection rate of 8/56. The document contains this malicious macro [pastebin] which downloads a binary from:
http://amsaqwankido.com/max/bbw.exe
which is saved as %TEMP%\mikapolne.exe. This has a detection rate of 3/55 and this Malwr report shows suspect traffic to the following IP:
194.58.96.45 (Reg.Ru, Russia)
This appears to drop the Dridex banking trojan.
MD5s:
1aa3f816e710f3cecb255845d4738c5e
839ca1594450c1d7afca5fddc376fbfa
3 comments:
I just got this email; the sender IP is 50.81.1.73
I also received it. Beware of unexpected attachments!
U must be an idiot anyway if u open or click to download that shit unless u expect something like that from that company or anywhere else.
I receive 10s of that kind of emails every day and that does not mean I must open them.
People have to wake up and think twice, don't just be curious (u know what killed the cat :)))))?????