Tuesday 25 August 2015

Malware spam: "UPDATE_VACATIONS_SCHEDULE_09_2015.pdf" via sugarsync.com

This fake Dropbox email leads to malware, hosted on the sharing service sugarsync.com.

From:    June Abel via Dropbox [no-reply@dropbox.com]
Date:    25 August 2015 at 12:59
Subject:    June Abel shared "UPDATE_VACATIONS_SCHEDULE_09_2015.pdf" with you

June used Dropbox to share a file with you!

Click here to download.

© 2015 Dropbox

I have seen three different samples with different download locations:


In each case, the binary downloaded is identical and has a VirusTotal detection rate of 3/55. Analysis is pending, but the payload appears to be the Dyre banking trojan.

The Hybrid Analysis report shows traffic to (Cobranet, Nigeria) which I recommend you block.
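
A mail-filter check for the pattern in this message, a sender presenting as Dropbox whose download link points at a different host (sugarsync.com here). This is an added example, not part of the original post; the list of Dropbox hosts is an assumption, and the sample message is constructed with a placeholder link path.

```python
import email
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlsplit

BRAND = "dropbox"
# Assumption: hosts a genuine Dropbox share link would point at.
BRAND_HOSTS = ("dropbox.com", "dropboxusercontent.com")

# Constructed sample modelled on the message above; the link path is a placeholder.
SAMPLE = """\
From: June Abel via Dropbox <no-reply@dropbox.com>
Subject: June Abel shared "UPDATE_VACATIONS_SCHEDULE_09_2015.pdf" with you
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<p>June used Dropbox to share a file with you!</p>
<p><a href="https://www.sugarsync.com/pf/PLACEHOLDER">Click here</a> to download.</p>
"""

class LinkCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.hrefs = []  # href values of every <a> tag seen
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]

def host_in(host, domains):
    """True if host equals, or is a subdomain of, one of the domains."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)

def mismatched_links(raw_message):
    """Return link hosts outside BRAND_HOSTS when the From: header claims the brand."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    sender = msg["From"]
    if sender is None or not sender.addresses:
        return []
    addr = sender.addresses[0]
    if BRAND not in addr.display_name.lower() and not host_in(addr.domain, BRAND_HOSTS):
        return []  # message does not present itself as the brand
    body = msg.get_body(preferencelist=("html",))
    if body is None:
        return []
    collector = LinkCollector()
    collector.feed(body.get_content())
    hosts = {urlsplit(h).hostname for h in collector.hrefs}
    return sorted(h for h in hosts if h and not host_in(h, BRAND_HOSTS))
```
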

1 comment:

Eduardo Bruno da Costa Krukoski said...

https://www.sugarsync.com/pf/D3157977_837_126425935 points to the file Orçamento-0388.zip
with Planilha-0029304.exe inside.
http://virustotal.com analyses it as Win-Trojan/MDA.630F094C or Trojan.MSIL.Injector.BBT

They don't have an email for abuse reports!