From: Spectrum.licensing@ofcom.org.uk
Date: 5 August 2015 at 07:46
Subject: IMPORTANT - Document From Ofcom Spectrum Licensing
Dear Sir/Madam,
Please find attached an electronic version of important documents relating to your Wireless Telegraphy licence or application.
Please read the document carefully and keep it for future reference.
If any details within this letter are incorrect, please notify Ofcom Spectrum Licensing as soon as possible. It is the Licensee's responsibility to ensure all information we hold is correct and current.
If you have any enquiries relating to this document, please email
spectrum.licensing@ofcom.org.uk
Yours faithfully,
Ofcom Spectrum Licensing
Riverside House
2a Southwark Bridge Road
London SE1 9HA
Phone: 020 7981 3131
Fax: 020 7981 3235
Textphone: 020 7981 3043
In the sample I saw, the attachment was OFCOM_REN04_20150715_0976659.docm [VT 4/46] which contains this malicious macro [pastebin] which (according to this analysis) downloads a malware executable from:
naturallyconvenient.co.za/75yh4/8g4gffr.exe
This has a detection rate of 4/52 and automated analysis tools [1] [2] show it phoning home to:
194.58.111.157 (Reg.RU, Russia)
That IP has been used for badness a few times recently and I definitely recommend that you block traffic to it. The payload is most likely to be the Dridex banking trojan.
MD5s:
2934c524678e7e1447653e72a1e8ca3b
d9bf9f695433705dc4fc5986d170ba1f
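A gateway-side triage check for this kind of attachment, added here as an illustration (it is not part of the original post or of any tool it links to). It flags macro-enabled Office Open XML files by content as well as by extension, and compares the file's MD5 with the two values listed above. The function name, the reason strings and the sample files are assumptions made for the example, and legacy OLE `.doc` files are out of scope.

```python
import hashlib
import io
import zipfile

# MD5 values copied from the post above (it does not say which file each belongs to).
PAGE_MD5S = {
    "2934c524678e7e1447653e72a1e8ca3b",
    "d9bf9f695433705dc4fc5986d170ba1f",
}
MACRO_EXTENSIONS = (".docm", ".dotm", ".xlsm", ".pptm")


def triage_attachment(filename, data):
    """Return the reasons to quarantine an attachment (empty list = none found)."""
    reasons = []
    if hashlib.md5(data).hexdigest() in PAGE_MD5S:
        reasons.append("md5-listed-in-post")
    if filename.lower().endswith(MACRO_EXTENSIONS):
        reasons.append("macro-enabled-extension")
    # OOXML documents are ZIP archives and a VBA project is stored as
    # vbaProject.bin, so inspecting the content also catches a macro
    # document that was renamed to .docx before sending.
    if zipfile.is_zipfile(io.BytesIO(data)):
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                names = zf.namelist()
        except zipfile.BadZipFile:
            reasons.append("corrupt-zip")
        else:
            if any(n.lower().endswith("vbaproject.bin") for n in names):
                reasons.append("contains-vba-project")
    return reasons


def _make_ooxml(with_macro):
    """Build a constructed, harmless stand-in for a Word file (not a real document)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<document/>")
        if with_macro:
            zf.writestr("word/vbaProject.bin", b"constructed placeholder")
    return buf.getvalue()


if __name__ == "__main__":
    print(triage_attachment("OFCOM_REN04_20150715_0976659.docm", _make_ooxml(True)))
    print(triage_attachment("renamed.docx", _make_ooxml(True)))
```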